Insert link facilitates phishing attacks
ashmew2 at gmail.com
Tue Nov 19 15:20:48 EST 2013
Even though a person can abuse hyperlinks in all applications that support
them, maybe it's not that bad an idea to be safe.
Say A sends to B a link:
The security check could then follow the WYSIWYG approach and always open
the link visible instead of whatever is contained in the URL.
If a user is dumb enough to click it, he or she might as well get infected
with malware if it's a bad link. But other than that, if it's a bad link
concealed as a good one, just stick to the good one.
And yeah. Tooltips help.
On 11/19/2013 4:18 AM Gasper Zejn <zejn at kiberpipa.org> said unto
devel at pidgin.im:
> Pidgin's feature insert link can be used to launch a phishing attack, see
> attached image.
> By inserting a link into description link, you can fool a more
> person thinking he is clicking a link to page A, when in fact the link will
> take him to page B.
> kind regards,
> Gašper Žejn
> Just like every other application in the history of hyperlinks? You can
> do the same in nearly every email client, Word, every website, every other
> chat client I've ever used...
> I can understand the concern but it's not really something that can be
> done, especially since even if this is removed, the person could then use a
> link shortener to hide the malicious content still...
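The check discussed in this thread, as an added example that is not part of the original messages and is not Pidgin code: it flags a link whose visible text is itself a URL naming a different host than the href, applies the "open what is shown" policy on a mismatch, and exposes the real target for a tooltip. The names `audit_links`, `AnchorCollector`, `host_of` and `URLISH` are hypothetical, and the hosts in the sample are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that is itself a URL or bare hostname (assumed heuristic).
URLISH = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def host_of(text):
    """Lower-cased hostname of a URL or bare 'host/path' string, else None."""
    text = text.strip()
    try:
        parts = urlsplit(text if "://" in text else "http://" + text)
        return (parts.hostname or "").lower().rstrip(".") or None
    except ValueError:
        return None

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a href=...> in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(message_html):
    """Flag links whose visible URL names a different host than the href."""
    parser = AnchorCollector()
    parser.feed(message_html)
    parser.close()
    report = []
    for href, text in parser.links:
        shown = host_of(text) if URLISH.match(text) else None
        deceptive = shown is not None and shown != host_of(href)
        # WYSIWYG policy from the thread: on a mismatch, open what is shown.
        report.append({"text": text, "tooltip": href, "deceptive": deceptive,
                       "open": text if deceptive else href})
    return report

# Constructed sample message (hosts are placeholders).
SAMPLE = ('<a href="http://evil.test/login">https://bank.example/login</a> '
          '<a href="http://evil.test/x">click here</a>')
```

The second sample link has descriptive text rather than a URL, so there is nothing to compare against and only the tooltip reveals its target.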