[dev] Re: [cvs] commit: framework/MIME/MIME/Viewer html.php
Michael M Slusarz
slusarz at mail.curecanti.org
Wed Mar 9 22:40:43 PST 2005
Quoting Michael M Slusarz <slusarz at mail.curecanti.org>:
> Quoting Jan Schneider <jan at horde.org>:
>
>> Zitat von Michael M Slusarz <slusarz at curecanti.org>:
>>
>>> slusarz 2005-03-03 22:12:37 PST
>>>
>>> Modified files:
>>> MIME/MIME/Viewer html.php
>>> Log:
>>> More phishing tweaking
>>>
>>> Revision Changes Path
>>> 1.23 +10 -3 framework/MIME/MIME/Viewer/html.php
>>
>> This won't work, because a lot of countries regularly use 4 parts in
>> their hostname so that www.bbc.co.uk/ would match www.evil.co.uk/.
>
> Didn't think about those last night (obviously).
>
>> And I consider it really dumb from the sender to use different
>> hostnames in the link and target. Did you meet a real world example of
>> such a case?
>
> Sure, all sorts of (valid) commercial emails I receive. An example I
> saw yesterday - an email from Orbitz. The links were displayed as
> "http://www.orbitz.com/hotdeal" while the actual href was
> "http://email.orbitz.com/email_click_tracker?url=http://www.orbitz.com/hotdeal" (obviously, these are horrifc paraphrasing of the original links/URLs). There would be all sorts of confusion on the part of users if they receive phishing messages for these kind
> of
> emails.
>
> Maybe there is some kind of PEAR package that does these kind of
> comparisions? I'll take a look when I get the chance.
For someone who is less rusty in C than I am, it would be great if we
could port over some of the phishing code from thunderbird. See:
https://bugzilla.mozilla.org/show_bug.cgi?id=279191
michael
More information about the dev
mailing list