Open Source and information security mailing list archives
 
From: sgmasood at yahoo.com (S G Masood)
Subject: Re: Internet Explorer URL parsing vulnerability

Hello Paul,

I posted a reply to your message before but it didn't
appear on the list. There seems to be some problem
with the listserv. This is the second message that was
lost in the last 24 hours.

--- "Schmehl, Paul L" <pauls@...allas.edu> wrote:

> > Hey, to be very honest, if this was 0day and the spoof was
> > well constructed, even you and me would probably fall for it. ;D
> >
> Really?  I kind of doubt it, since I would never click on a link in an
> email message that had anything to do with financial matters.  I doubt
> that you would either - 0day or not.


I was talking about a very general form of
exploitation, not specifically email links that lead
to a financial/banking spoof site. A whole range of
social engineering goals can be accomplished by using
this vuln. creatively in a subtle way. Subtlety is
the key here. Just think about all the possibilities!
:) 

Petard posted a funny example just now -
http://petard.freeshell.org/ms-announce.html

--
S.G.Masood
