| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <99E6A67A9DA87041A8020FBC11F480B3014099@EXVS01.dsw.net> Date: Thu Oct 20 20:30:59 2005 From: smelnick at water.com (Scott Melnick) Subject: New (19.10.05) MS-IE Url Spoofing bug (byK-Gen). Nick FitzGerald Wrote: >IFF that is the case, then it is an extraordinarily brain-dead design, >as it breaks the very critical "rule" that you should NOT surprise the >user. A URL link that is shown in the interface to go one place, but >which goes somewhere else is fundamentally broken under that rule. >If this is by design, then it's another case of a feature that breaks >Billy's admonition that security is to trump features, so should be >fixed. >Regards, >Nick FitzGerald It has been that way for a long time. Sometime the underlined link is in the form of Click Here to be redirected. Phishing schemes have been using this in emails for a good long time as well. Especially the ebay account ones that I'm sure everyone has seen about account information. Scott Melnick Security Guy
Powered by blists - more mailing lists