Message-ID: <99E6A67A9DA87041A8020FBC11F480B3014099@EXVS01.dsw.net>
Date: Thu Oct 20 20:30:59 2005
From: smelnick at water.com (Scott Melnick)
Subject: New (19.10.05) MS-IE Url Spoofing bug (byK-Gen).
Nick FitzGerald wrote:
>IFF that is the case, then it is an extraordinarily brain-dead design,
>as it breaks the very critical "rule" that you should NOT surprise the
>user. A URL link that is shown in the interface to go one place, but
>which goes somewhere else is fundamentally broken under that rule.
>If this is by design, then it's another case of a feature that breaks
>Billy's admonition that security is to trump features, so should be
>fixed.
>Regards,
>Nick FitzGerald
It has been that way for a long time. Sometimes the underlined link is in
the form of Click Here to be redirected. Phishing schemes have been
using this in emails for a good long time as well. Especially the eBay
account ones that I'm sure everyone has seen about account information.
Scott Melnick
Security Guy
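
The mismatch discussed in this thread, a link whose visible text names one destination while its href goes elsewhere, can be checked for mechanically in an HTML mail body. The following is an added example, not part of the original messages; the names `LinkAuditor`, `audit_links` and `SAMPLE`, the verdict labels and the sample hosts are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Visible text that itself looks like a URL or hostname, e.g. "www.example.org/help".
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

class LinkAuditor(HTMLParser):
    """Collects (visible_text, href) for every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:          # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def audit_links(html):
    """Return (text, href, verdict) per link; verdict is 'mismatch', 'opaque' or 'ok'."""
    parser = LinkAuditor()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        target = (urlsplit(href).hostname or "").lower()
        shown = URLISH.match(text)
        if shown is None:
            verdict = "opaque"      # "Click Here" style: text says nothing about the target
        elif shown.group(1).lower() == target:
            verdict = "ok"
        else:
            verdict = "mismatch"    # text names one host, href goes to another
        results.append((text, href, verdict))
    return results

# Constructed sample message body; hosts use reserved example/test names.
SAMPLE = """
<p>Verify at <a href="http://login.phish.test/ebay">https://signin.example.com/account</a></p>
<p><a href="http://login.phish.test/r">Click Here</a> to be redirected.</p>
<p>Docs: <a href="https://www.example.org/help">www.example.org/help</a></p>
"""
```

An "opaque" verdict is not a finding by itself, since most legitimate links use descriptive text; it only marks links where the reader has to inspect the href to learn the destination.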