| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20031211044105.41732.qmail@web60801.mail.yahoo.com> From: sgmasood at yahoo.com (S G Masood) Subject: Re: Internet Explorer URL parsing vulnerability --- "Schmehl, Paul L" <pauls@...allas.edu> wrote: > > -----Original Message----- > > From: full-disclosure-admin@...ts.netsys.com > > [mailto:full-disclosure-admin@...ts.netsys.com] On > Behalf Of > > S G Masood > > Sent: Wednesday, December 10, 2003 12:01 PM > > To: full-disclosure@...ts.netsys.com > > Subject: Re: [Full-Disclosure] Re: Internet > Explorer URL > > parsing vulnerability > > > > Hey, to be very honest, if this was 0day and the > spoof was > > well constructed, even you and me would probably > fall for it. ;D > > > Really? I kind of doubt it, since I would never > click on a link in an > email message that had anything to do with financial > matters. I doubt > that you would either - 0day or not. I was not talking about spoofs of banking or financial sites alone. There is a whole range of subtle social engineering goals that you could accomplish with such a spoof. For instance, the headline "Gnu Members Combine Resources to Buy Out Microsoft" would look pretty on http://Microsoft.com... :) Subtlety is the key here. Infact, you dont necessarily have "to click on a link in an email message". There are a whole lot of other ways to feed the URL to the victim which are even more covert. -- Masood __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/
Powered by blists - more mailing lists