funsec mailing list archives
Re: Issue with Microsoft WindowsUpdate/MicrosoftUpdate
From: "Young, Keith" <Keith.Young () montgomerycountymd gov>
Date: Mon, 1 Dec 2008 10:51:45 -0500
Just a quick OT question. I can understand obfuscating malware links in order to allow email filters to let messages through (though we should have all whitelisted the mailing lists we are on) and I can understand doing it to prevent the inadvertent brain fail and unintentional click. Why is it necessary to do so for Microsoft's update URLs?
For one simple reason: this is a public mailing list, I am a (somewhat) untrusted sender, and I didn't want readers to think that I could be (through html/javascript) redirecting them to "update.microsoft.com.evil.web.site/v6/blah/blah/...". Then again, anyone clicking on links from public mailing lists sent by untrusted senders probably (hopefully??) already turned off html/javascript in their e-mails already. --Keith Keith Young, Security Official Department of Technology Services Montgomery County, Maryland phone - (240) 777-2955 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Issue with Microsoft WindowsUpdate/MicrosoftUpdate Young, Keith (Nov 28)
- Re: Issue with Microsoft WindowsUpdate/MicrosoftUpdate Skiifwrald (Nov 28)
- Re: Issue with Microsoft WindowsUpdate/MicrosoftUpdate Young, Keith (Dec 01)
- Re: Issue with Microsoft WindowsUpdate/MicrosoftUpdate Skiifwrald (Nov 28)