Full Disclosure mailing list archives

Re: (no subject)

From: Valdis.Kletnieks () vt edu
Date: Thu, 14 Aug 2008 11:58:27 -0400

On Wed, 13 Aug 2008 10:18:13 -0000, ff0000 () hushmail com said:

Is it safe to follow the link in this email?

Yes, it is safe to visit the Hushmail web site by following the link
provided.


Which is, of course, what any miscreant who wanted you to visit a site that
will drop malware into your browser would say.

The risk is mitigated quite a bit for *this* e-mail because the link is in
a text/plain, so you're either cut-n-pasting the link and can see where you're
going, or your MUA has linkified it but you still can see the actual target.

Unfortunately, most users can't tell the difference between a link in a
text/plain and <a href="http://127.0.0.1";>http://www.goodstuff.com</a> (and
you probably should double-check what your MUA did with the above line :)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

(no subject) Bernhard Mueller (Aug 05)
- Re: (no subject) Ureleet (Aug 05)
  - Re: (no subject) Bernhard Mueller (Aug 05)
- <Possible follow-ups>
- (no subject) ff0000 (Aug 13)
  - Re: (no subject) Ureleet (Aug 14)
  - Re: (no subject) Valdis . Kletnieks (Aug 14)