Re: Perplexed - who should I believe?



In article <uzsySoVNGHA.1760@xxxxxxxxxxxxxxxxxxxx>, "Karl Levinson, mvp"
<levinson_k@xxxxxxxxxxxxx> wrote:
I'm an MVP. I've checked out that link and confirmed it goes to =
Microsoft's site. Microsoft's URLs are generally not case sensitive, so =
that even though the letter case may vary in different links posted on =
different pages, they go to the same place. Do note that in web pages =
and HTML-formatted emails and newsgroup postings, there are a variety of =
ways you can have a link that looks like http://www.microsoft.com but =
that actually goes to a different site if you click on the link [instead =
of copying and pasting the link into a web browser].

Karl's correct, but I would still applaud BoaterDave for his concern.

Unless you have a pretty good understanding of URL formats, and the way they
are processed, anything more complex than
http://www.example.com/directoryname/filename.html should be treated as
suspicious.

It's a sad fact that Microsoft have these sesquipedalien links for their
downloads, that look oh-so-similar to the similarly obfuscated links that are
used by phishers to confuse their targets, through public redirectors (Yahoo
is the most frequent example I've seen in the past) and the like. I
understand why this happens - because it's easier for Microsoft to automate -
but it is a mess of code that helps cause the confusion that phishers take
advantage of

It's easier to trust the http://go.microsoft.com/?linkid=4538415 links,
because you can retype those. [Links that you can type into the browser
yourself are much safer than those that you click - there's always the
possibility of a "homograph attack" - something that looks like an 'o', for
instance, but isn't the same code to the computer.]

Does that mean it's safe to trust the http://www.tinyurl.com links? No,
because tinyurl is a public service, that anyone can post a good or bad link
to.

So, BoaterDave, maintain that paranoia and distrust of things you don't
understand - and build up some trust for people who understand more than you.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@xxxxxxxxxx
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
.



Relevant Pages

  • Re: what gives?? Hey Microsoft, HEL-LO....
    ... It's a virus, and as more people click on the attachment ... Take a programming course, and learn more about your system - eventually ... Texas Imperial Software | Find us at http://www.wftpd.com or email ... Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Problems with various windows FTP servers
    ... >Texas Imperial Software WFTPD ... > CWD ... From email received from SnakeByte out of band, ... Texas Imperial Software | Try WFTPD, ...
    (Bugtraq)
  • Re: ssl negotiation failed with Microsoft IIS
    ... They can fail when you write first ssl packet header, ... [Please don't email posters, if a Usenet response is appropriate.] ... Texas Imperial Software | Find us at http://www.wftpd.com or email ... Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (microsoft.public.platformsdk.security)
  • Re: Security Bug in IE
    ... >people print out the contents of FTP sites, ... [Please don't email posters, if a Usenet response is appropriate.] ... Texas Imperial Software | Find us at http://www.wftpd.com or email ... Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (microsoft.public.security)
  • Re: Need argument for scanning at Exchange
    ... should one of your customers get infected ... Disclosure is only one problem - what about corruption of patient data? ... Texas Imperial Software | Find us at http://www.wftpd.com or email ... Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (microsoft.public.security)