|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Outlook Express 6.0 : link destination obfuscation
From: Michael Tewner (tewner
jct.ac.il)
Date: Wed Jan 04 2006 - 06:44:02 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
or http://www.myBank.com+aWholeLottaJunkbadsite.com
Romain Vergniol wrote:
> Hello FD readers,
>
> did anyone already noticed that on Outlook Express 6.0, when a link is
> longer than 512 bytes, the destination is not displayed at all in the
> status bar ?
>
> Tested on Outlook Express 6.0 on WinXP Pro SP2 FR, does not work on Outlook
> 2003 Win XP SP2 FR.
>
> Ex :
> <a href="http://www.exemple.com/+(500 random chars)">www.bank.com</a>
>
> It could be used in phishing attacks for exemple to hide real link
> destination.
> Could it be considered as a security issue ?
>
> Kind regards,
> Romain Vergniol
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]