Re: Phishing scam - Obfuscated url help please

[Valdis.Kletnieks () vt edu]

On Fri, 23 Jan 2004 14:48:43 +1300, Nick FitzGerald <nick () virus-l demon co uk>  said:

> as the "@" is (incorrectly) interpreted by many browsers (most in terms 
> of absolute use) as indicating the username part of the "userinfo" part 
> of the generic URI scheme.  

RFC2396 - Uniform Resource Identifiers (URI): Generic Syntax

3.2.2. Server-based Naming Authority

   URL schemes that involve the direct use of an IP-based protocol to a
   specified server on the Internet use a common syntax for the server
   component of the URI's scheme-specific data:

      <userinfo>@<host>:<port>

   where <userinfo> may consist of a user name and, optionally, scheme-
   specific information about how to gain authorization to access the
   server.  The parts "<userinfo>@" and ":<port>" may be omitted.

      server        = [ [ userinfo "@" ] hostport ]

   The user information, if present, is followed by a commercial at-sign
   "@".

      userinfo      = *( unreserved | escaped |
                         ";" | ":" | "&" | "=" | "+" | "$" | "," )

   Some URL schemes use the format "user:password" in the userinfo
   field. This practice is NOT RECOMMENDED, because the passing of
   authentication information in clear text (such as URI) has proven to
   be a security risk in almost every case where it has been used.


Looks like a correct interpretation to me.

Attachment: _bin
Description: