Re: IE URL obfuscation - Detecting at Exchange Servers
From: Paul Szabo (psz_at_MATHS.USYD.EDU.AU)
Date: 01/01/04
- Previous message: Russ: "Outlook AutoPreview = Trustworthy Computing = F"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 2 Jan 2004 08:22:01 +1100 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Russ,
You wrote:
> Knowing that people continue to be concerned about the IE URL
> obfuscation technique, I decided to write up and publish a method of
> detecting such bad emails on Exchange Servers at reception time. ...
> http://www.ntbugtraq.com/badurls.asp
Why stop at URL obfuscation? Detect and stop messages with various other,
used-in-the-wild, attacks and viruses. Please see my perl script
http://www.maths.usyd.edu.au:8000/u/psz/pc/checkvirus
for many things you could (should) check for, and
http://www.maths.usyd.edu.au:8000/u/psz/pc/virus.html
for some comments.
Cheers,
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
-----
Editor's Note: The 43rd Most Powerful Person in Networking says...
Marcus Ranum's new book "The Myth of Homeland Security" is now out and is available from http://www.amazon.com/ranum In this hard-hitting review of the homeland security business, Ranum shows us how the problem is vastly harder than it's being made to sound, and how special interests, *** covering, and bureaucracy are threatening to derail any chance of making progress.
-----
- Previous message: Russ: "Outlook AutoPreview = Trustworthy Computing = F"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
