<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

WebApp Sec: RE: Phishing

RE: Phishing

From: Adam Lydick <lydickaw_at_ruffledpenguin.org>
Date: Fri, 14 May 2004 19:20:09 -0700

I certainly agree with that. It is mostly significant because that
misfeature can be removed without violating explicit standards. I
believe a recent update to internet explorer does remove this capability
from http links.

On Fri, 2004-05-14 at 12:05 +0100, Griffiths, Ian wrote:
> I wasn't aware of this Adam.
>
> It is certainly supported in enough browser to be significant.
>
> Ian
>
> -----Original Message-----
> From: Adam Lydick [mailto:lydickaw_at_ruffledpenguin.org]
> Sent: Fri 14/05/2004 05:55
> To: Griffiths, Ian
> Cc: webappsec_at_securityfocus.com
> Subject: RE: Phishing
>
>
>
> while the generic description of URLs in an
> earlier RFC allows for "user@", the use of it is on a
> protocol-by-protocol basis and HTTP urls do not permit its use.)
>
Received on May 15 2004

This message: [ Message body ]
Next message: Imperva Application Defense Center: "RE: [OWASP-GUIDE] Question concerning usage of languages for webapps"
Previous message: info_at_biledge.com: "security surveys"
In reply to: Griffiths, Ian: "RE: Phishing"
Next in thread: Damon McMahon: "RE: Phishing"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]