Message-ID: <20040324085750.39307.qmail@web25102.mail.ukl.yahoo.com>
From: r4bb1t_f00d at yahoo.co.uk (rabbit food)
Subject: .MAC Phishing .. Security through obscurity
Thanks for your constructive academic response Peter,
> Useless Information
Hm, that would depend on the attacker's perspective, an authenticated redirector may protect Apple from unsolicited use of their redirect (think about it).
Also if you take a moment to think about the way in which this could be exploited with a little bit of html..javascript, some fun could be had, if you were maliciously inclined.
But of course, chains and weak links are always part of the fun.
> It may be possible to redirect a naive .Mac webmail
> user, to another site, possibly, one mocked up as
> webmail (a user may ignore the fact SSL is not
> present).
>
> http://webmail.mac.com/redirect/http://your url
How is this different from <<ANY>> other redirect attack. Why is this a ".MAC Webmail phishing attack" ???
Hmmmm, think about that one Peter (didn't say there was anything special about it, the more reason why it should be noticed).
Is there anything special about .mac webmail that makes this kind of attack any easier? This is not some intuitive leap here...
>>>>>
Indeed a correct observation, maybe something Apple could respond to.
Now the IE obfuscated (look up the definition in dictionary.com) redirection bug, that was good. It could even be crafted to make the little lock icon appear.
>>
Indeed.
There are always smarter people and things out there.
I just don't want some ignorant reporter reading your message and thinking "oh my god, Apple's email service is full of holes!!!"
Which reporters are you talking about? Ignorance is rife, just take a look back over the past 300 years of the printed press....and isn't this full-disclosure.
Take a chill-pill dude.
r4bb1t
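
The "authenticated redirector" idea mentioned in the message, as an added example (not part of the original post and not Apple's implementation): the service only follows redirect links that carry an HMAC tag it issued itself. The `/redirect/<tag>/<encoded target>` layout, the key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import quote, unquote, urlsplit

# Constructed key for the example; a real service would load it from a secret store.
SECRET_KEY = b"constructed-example-key"
PREFIX = "/redirect/"


def _tag(target: str) -> str:
    """HMAC-SHA256 over the exact target URL, hex encoded."""
    return hmac.new(SECRET_KEY, target.encode("utf-8"), hashlib.sha256).hexdigest()


def make_redirect_path(target: str) -> str:
    """Build the link the webmail UI would embed (hypothetical layout:
    /redirect/<tag>/<percent-encoded target>)."""
    return f"{PREFIX}{_tag(target)}/{quote(target, safe='')}"


def resolve_redirect(path: str) -> Optional[str]:
    """Return the target only if the service itself issued this link, else None."""
    if not path.startswith(PREFIX):
        return None
    tag, sep, encoded = path[len(PREFIX):].partition("/")
    if not sep:
        return None
    target = unquote(encoded)
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag.encode(), _tag(target).encode()):
        return None
    # Only absolute web URLs; blocks javascript:, data: and scheme-relative forms.
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return target
```

A link in the unsigned form quoted in the message resolves to `None`, so a third party cannot mint working redirects through the service's hostname.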