[dev] Re: [cvs] commit: framework/MIME/MIME/Viewer html.php
Jan Schneider
jan at horde.org
Thu Mar 10 03:30:07 PST 2005
Quoting Michael M Slusarz <slusarz at bigworm.curecanti.org>:
> Quoting Michael M Slusarz <slusarz at mail.curecanti.org>:
>
>> Quoting Jan Schneider <jan at horde.org>:
>>
>>> Quoting Michael M Slusarz <slusarz at curecanti.org>:
>>>
>>>> slusarz 2005-03-03 22:12:37 PST
>>>>
>>>> Modified files:
>>>> MIME/MIME/Viewer html.php
>>>> Log:
>>>> More phishing tweaking
>>>>
>>>> Revision Changes Path
>>>> 1.23 +10 -3 framework/MIME/MIME/Viewer/html.php
>>>
>>> This won't work, because a lot of countries regularly use 4 parts in
>>> their hostname so that www.bbc.co.uk/ would match www.evil.co.uk/.
>>
>> Didn't think about those last night (obviously).
>>
>>> And I consider it really dumb from the sender to use different
>>> hostnames in the link and target. Did you meet a real world example of
>>> such a case?
>>
>> Sure, all sorts of (valid) commercial emails I receive. An example I
>> saw yesterday - an email from Orbitz. The links were displayed as
>> "http://www.orbitz.com/hotdeal" while the actual href was
>> "http://email.orbitz.com/email_click_tracker?url=http://www.orbitz.com/hotdeal"
>> (obviously, these are horrific paraphrasing of the original
>> links/URLs). There would be all sorts of confusion on the part of
>> users if they receive phishing messages for these kind of emails.
>>
>> Maybe there is some kind of PEAR package that does these kind of
>> comparisons? I'll take a look when I get the chance.
>
> For someone who is less rusty in C than I am, it would be great if we
> could port over some of the phishing code from thunderbird. See:
> https://bugzilla.mozilla.org/show_bug.cgi?id=279191
Nice idea. It's actually JS, and the current code can always be found at
http://lxr.mozilla.org/seamonkey/source/mail/base/content/phishingDetector.js.
I will take a look at it when I find the time and if no one beats me at
it.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
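
The two cases raised in this thread, as an added example that is not part of the original messages and is not Horde or Thunderbird code: comparing the host shown in a link's text with the host in its href by registrable domain, so that www.bbc.co.uk and www.evil.co.uk differ while www.orbitz.com and email.orbitz.com agree. The function names are hypothetical, and the suffix set is a constructed subset standing in for the full Public Suffix List.

```javascript
// Constructed subset of multi-label public suffixes (assumption: a real
// deployment would load the full Public Suffix List instead).
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "org.uk", "ac.uk", "com.au", "co.jp"]);

// Lowercased hostname of an http(s) URL, or null if `text` is not one
// (for example link text such as "Click here").
function hostOf(text) {
  let url;
  try {
    url = new URL(text.trim());
  } catch (e) {
    return null;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.hostname.replace(/\.$/, ""); // drop a trailing root dot
}

// Registrable domain = public suffix plus one label to its left.
// IP literals have no registrable domain and are compared whole.
function registrableDomain(host) {
  if (/^[\d.]+$/.test(host) || host.includes(":")) return host;
  const labels = host.split(".");
  const keep = MULTI_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return labels.length <= keep ? host : labels.slice(-keep).join(".");
}

// The rule objected to in the thread: compare only the last two labels.
function naiveSameSite(a, b) {
  const tail = (h) => h.split(".").slice(-2).join(".");
  return tail(a) === tail(b);
}

// "ok" when text and href share a registrable domain, "mismatch" when the
// text shows a URL on a different one, "skip" when there is nothing to compare.
function checkLink(linkText, href) {
  const shown = hostOf(linkText);
  const target = hostOf(href);
  if (shown === null || target === null) return "skip";
  return registrableDomain(shown) === registrableDomain(target) ? "ok" : "mismatch";
}
```
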