lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <13185193.372041142524968759.JavaMail.juha-matti.laurio@netti.fi>
Date: Thu Mar 16 16:03:03 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: strange domain name in phishing email

It seems that this case has the name Dotless IP Address Security Issue 
and KB article #168617 http://support.microsoft.com/?kbid=168617 
describes it even in IE4.
Correct if I'm wrong.

- Juha-Matti


> IIRC, Microsoft changed that as one of the security updates to IE. For a 
> time, it was a popular phishing trick. I also remember there was a way 
> to do that (or something similar) to bypass the security zones in IE and 
> make it think it was a trusted site, but can't find that reference at hand.
> 
> The "rest" of windows will still do it though. Try "ping 2887060730" or 
> "telnet 2887060730 80".
> 
> ~Mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ