lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031211171403.33397.qmail@web60804.mail.yahoo.com>
From: sgmasood at yahoo.com (S G Masood)
Subject: Re: Internet Explorer URL parsing vulnerability

Hello Paul,

I posted reply to your message before but it didn't
appear on the list. There seems to be some problem
with the listserv. This is the second message that was
lost in the last 24 hours.

--- "Schmehl, Paul L" <pauls@...allas.edu> wrote:

> > Hey, to be very honest, if this was 0day and the
> spoof was 
> > well constructed, even you and me would probably
> fall for it. ;D
> >
> Really?  I kind of doubt it, since I would never
> click on a link in an
> email message that had anything to do with financial
> matters.  I doubt
> that you would either - 0day or not.


I was talking about a very general form of
exploitation, not specifically email links that lead
to a financial/banking spoof site. A whole range of
social engineering goals can be accomplished by using
this vuln., creatively in a subtle way. Subtlety is
the key here. Just think about all the possibilities!
:) 

Petard posted a funny example just now -
http://petard.freeshell.org/ms-announce.html

--
S.G.Masood

__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ