WebApp Sec: RE: Phishing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

RE: Phishing

From: Adam Lydick <lydickaw () ruffledpenguin org>
Date: Fri, 14 May 2004 19:20:09 -0700

I certainly agree with that. It is mostly significant because that
misfeature can be removed without violating explicit standards. I
believe a recent update to internet explorer does remove this capability
from http links.

On Fri, 2004-05-14 at 12:05 +0100, Griffiths, Ian wrote:

I wasn't aware of this Adam.
 
It is certainly supported in enough browser to be significant.
 
Ian

      -----Original Message----- 
      From: Adam Lydick [mailto:lydickaw () ruffledpenguin org] 
      Sent: Fri 14/05/2004 05:55 
      To: Griffiths, Ian 
      Cc: webappsec () securityfocus com 
      Subject: RE: Phishing
      
      

      while the generic description of URLs in an
      earlier RFC allows for "user@", the use of it is on a
      protocol-by-protocol basis and HTTP urls do not permit its use.)

By Date By Thread

Current thread:

RE: Phishing, (continued)
- RE: Phishing Michael Silk (May 13)
- Re: Phishing Amit Sharma (May 13)
- Re: Phishing Amit Sharma (May 13)
- RE: Phishing Pete Simpson (May 13)
- RE: Phishing Griffiths, Ian (May 14)
  - RE: Phishing Adam Lydick (May 15)
- RE: Phishing Damon McMahon (May 15)