lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: staylo at agccs.lmco.com (Stephen Taylor)
Subject: RE: outbind in MS outlook

Thank you very much.  I don't get into the details but now I know a little
bit more to help me evaluate what I do see.
regards,
ST

-----Original Message-----
From: Kristian Lyngst?l [mailto:nesquik@...emians.org]
Sent: Thursday, July 29, 2004 2:03 PM
To: staylo@...cs.lmco.com
Subject: Re: outbind in MS outlook


I am not subscribed to full-discolosure with my personal address (or
computer),
so forgive the lack of a copy of your mail :)

Anyway, what you are seeing is normal.

This is actually a bug in the html-code written by the spammer

In the lack of a <handler>:// in an URL, any browser will (or should)
assume that the link is relative to the path it is currently reading from.

So since the link code is only <a href="www.link.com">link</a>, not
<a href="http://www.link.com">link</a>, the browser will assume this is
relative to the mailbox it is reading it in. (outbind://...)

You will see the same problem on web sites if they omit the http:// in
links.

If www.siteA.com tries to link to www.siteB.com only using
<a href="www.siteB.com">, the browser will look for
http://www.siteA.com/www.siteB.com

--
Regards
Kristian Lyngst?l
Telenor SOC

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ