Re: [Full-disclosure] (no subject)

From: Valdis.Kletnieks@xxxxxx
Date: Thu, 14 Aug 2008 11:58:27 -0400

On Wed, 13 Aug 2008 10:18:13 -0000, ff0000@xxxxxxxxxxxx said:

Is it safe to follow the link in this email?

Yes, it is safe to visit the Hushmail web site by following the link
provided.

Which is, of course, what any miscreant who wanted you to visit a site that
will drop malware into your browser would say.

The risk is mitigated quite a bit for *this* e-mail because the link is in
a text/plain, so you're either cut-n-pasting the link and can see where you're
going, or your MUA has linkified it but you still can see the actual target.

Unfortunately, most users can't tell the difference between a link in a
text/plain and <a href="http://127.0.0.1";>http://www.goodstuff.com</a> (and
you probably should double-check what your MUA did with the above line :)

Attachment: pgpW5J7mUoo1S.pgp
Description: PGP signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] (no subject)
  - From: ff0000

Prev by Date: [Full-disclosure] Cisco IOS Shellcodes
Next by Date: [Full-disclosure] SUSE Security Announcement: openwsman (SUSE-SA:2008:041)
Previous by thread: Re: [Full-disclosure] (no subject)
Next by thread: [Full-disclosure] [ GLSA 200808-01 ] xine-lib: User-assisted execution of arbitrary code
Index(es):
- Date
- Thread