Full Disclosure mailing list archives
RE: Re: Internet Explorer URL parsing vulnerability
From: S G Masood <sgmasood () yahoo com>
Date: Wed, 10 Dec 2003 20:41:05 -0800 (PST)
--- "Schmehl, Paul L" <pauls () utdallas edu> wrote:
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] OnBehalf OfS G Masood Sent: Wednesday, December 10, 2003 12:01 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Re: InternetExplorer URLparsing vulnerability Hey, to be very honest, if this was 0day and thespoof waswell constructed, even you and me would probablyfall for it. ;DReally? I kind of doubt it, since I would never click on a link in an email message that had anything to do with financial matters. I doubt that you would either - 0day or not.
I was not talking about spoofs of banking or financial sites alone. There is a whole range of subtle social engineering goals that you could accomplish with such a spoof. For instance, the headline "Gnu Members Combine Resources to Buy Out Microsoft" would look pretty on http://Microsoft.com... :) Subtlety is the key here. Infact, you dont necessarily have "to click on a link in an email message". There are a whole lot of other ways to feed the URL to the victim which are even more covert. -- Masood __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: Internet Explorer URL parsing vulnerability, (continued)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Jedi/Sector One (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Georgi Guninski (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability Dark Avenger (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability Georgi Guninski (Dec 12)
- Re: RE:Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 12)
- RE: Re: Internet Explorer URL parsing vulnerability Jarkko Turkulainen (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability John Sage (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability Erik van Straten (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability Georgi Guninski (Dec 12)