RE: New (19.10.05) MS-IE Url Spoofing bug (byK-Gen).
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 21 Oct 2005 20:15:30 +1300
Scott Melnick to me:
> It has been that way for a long time. Sometime the underlined link is in
> the form of Click Here to be redirected. Phishing schemes have been
> using this in emails for a good long time as well. Especially the ebay
> account ones that I'm sure everyone has seen about account information.
because "it works" does NOT mean that is how it is supposed to be...
And, even if "this is how it is supposed to be" by some or other
interpretation of some standard does not mean that we cannot question
the desirability (or even the sanity) of that "standard" and/or of
sticking to implementing it!
Even if this behaviour is "correct" (which seems entirely open to
debate if you read the mess of responses), I will continue to argue
that _this particular form_ of duping the user is so undesirable as to
be a total misfeature AND SHOULD BE REMOVED on the grounds the standard
is clearly totally bozoid in this case.
Oh, and I can't be sure, but I suspect that the phishing schemes you
are referring to are actually those I see quite a lot using the "fool
the status bar display of the destination URL with a broken MAP tag
improperly embedded in an HREF" trick (which only works in IE, and
maybe some versions of Opera). If so, you are wrong again and the
lack of concern for standards compliance in Redmond... (And yes, there
are other tags apart from MAP that can be used in that trick, but they
are very rarely used by the phishers...)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
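As an added example (not from the post or the list), a small Python checker that a mail gateway or a mail-client plugin could run over an HTML body to flag the two patterns Nick describes: link text that names a different host than the href actually points to, and a MAP/AREA element nested inside an anchor. The regex, the "www." normalisation and the sample HTML are my own assumptions, not anything from the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostname-looking token in visible link text: "www.ebay.com/account" -> "www.ebay.com"
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
# Lower-case and drop a leading "www." so the shown and real hosts compare fairly.
def _norm(host): return host.lower().removeprefix("www.")

class LinkAuditor(HTMLParser):
    """Collect every <a href=...> with its visible text and the tags nested inside it."""
    def __init__(self):
        super().__init__()
        self.links = []    # (href, visible text, [nested tag names])
        self._open = None  # anchor currently being read, if any
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = {"href": dict(attrs).get("href") or "", "text": [], "nested": []}
        elif self._open is not None:
            self._open["nested"].append(tag)  # e.g. a MAP/AREA planted inside the anchor
    def handle_data(self, data):
        if self._open is not None:
            self._open["text"].append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            a = self._open
            self.links.append((a["href"], "".join(a["text"]).strip(), a["nested"]))
            self._open = None

def audit_links(html):
    """Return [(href, [reason, ...])] for anchors whose shown destination is suspect."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for href, text, nested in parser.links:
        reasons = []
        real_host = urlparse(href).hostname or ""
        shown = HOST_IN_TEXT.search(text)
        if shown and _norm(shown.group(1)) != _norm(real_host):
            reasons.append(f"text shows {shown.group(1)} but href goes to {real_host}")
        if "map" in nested or "area" in nested:
            reasons.append("MAP/AREA element nested inside the anchor")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample (not from the post): a text/href mismatch, a MAP/AREA inside an anchor, one honest link.
SAMPLE_HTML = """<p><a href="http://198.51.100.7/login">http://www.ebay.com/account</a></p>
<p><a href="http://198.51.100.7/x"><map name="m"><area href="http://www.ebay.com/"></map>Click Here</a></p>
<p><a href="https://www.ebay.com/help">www.ebay.com/help</a></p>"""
```

Running `audit_links(SAMPLE_HTML)` reports the first two anchors and stays silent on the third, which is the behaviour a gateway rule would key on; the check is heuristic and will miss links whose text is plain words like "Click Here" with no nested tags.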