Re: IE URL obfuscation

From: Christian Mansfield (CMansfield_at_CO.SLC.UT.US)
Date: 12/11/03

  • Next message: securityalerts_at_PENNYSAVERUSA.NET: "Re: More on IE URL obfuscation"
    Date:         Thu, 11 Dec 2003 14:44:53 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    I've seen a lot of talk on this issue regarding Mozilla, Netscape, and many variants on IE, but nothing mentioned about the Opera browser.

    Opera version 7.23 (build 3227) seems to always display the full link in both hovertext and the status bar. As well, when clicked, a pop-up window appears saying:

            Security warning:
            
            You are about to go to an address containing a username.
            
                    Username: www.microsoft.com[a box appears here]
                    Server: zapthedingbat.com
            
            Are you sure you want to go to this address?

    If the user answers OK, the message will not appear should the same link be clicked on again.

    Christian Mansfield
    Salt Lake County

    ----
    NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
    code "NT1003" when registering to take the TICSA exam at www.2test.com.
    Prove to your employer and peers that you have the knowledge and
    abilities to be an active stakeholder in today's enterprise security.
    Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
    12/31/03 and cannot be used in combination with other offers.
    ----
    

  • Next message: securityalerts_at_PENNYSAVERUSA.NET: "Re: More on IE URL obfuscation"