Insert link facilitates phishing attacks
Ashish Gupta
ashmew2 at gmail.com
Tue Nov 19 15:20:48 EST 2013
Even though a person can abuse hyperlinks in all applications that support
them, maybe it's not that bad an idea to be safe.
Say A sends B a link:
http://somethingBadHere
Disguised as
http://pidgin.im
The security check could then follow the WYSIWYG approach and always open
the link visible instead of whatever is contained in the URL.
If a user is dumb enough to click it, he or she might as well get infected
with malware if it's a bad link. But other than that, if it's a bad link
concealed as a good one, just stick to the good one.
And yeah. Tooltips help.
- Ashish
On 11/19/2013 4:18 AM Gasper Zejn <zejn at kiberpipa.org> said unto
devel at pidgin.im:
> Pidgin's feature insert link can be used to launch a phishing attack, see
> attached image.
>
> By inserting a link into description link, you can fool a more
> knowledgeable person into thinking he is clicking a link to page A, when in
> fact the link will take him to page B.
>
> kind regards,
> Gašper Žejn
>
>
Just like every other application in the history of hyperlinks? You can
do the same in nearly every email client, word, every website, every other
chat client I've ever used...
I can understand the concern but it's not really something that can be
done, especially since even if this is removed, the person could then use a
link shortener to hide the malicious content still...
-Michael
>
> _______________________________________________
> Devel mailing list
> Devel at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/devel
>
>
_______________________________________________
Devel mailing list
Devel at pidgin.im
http://pidgin.im/cgi-bin/mailman/listinfo/devel
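
The check discussed in this thread (compare the address a link displays with the address it opens), written out as an added example that is not part of the original messages or of Pidgin's code. It assumes the message body is HTML with `<a href>` anchors; `LinkAuditor`, `disguised_links` and the sample hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Visible text counts as "an address" if it is a single token with a scheme or www. prefix.
URL_LIKE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|www\.)\S+\s*$", re.I)

def _host(url):
    # Treat scheme-less text such as "www.example.org" as http for comparison.
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url.strip()).hostname or "").lower()

class LinkAuditor(HTMLParser):
    """Collect (visible_text, href) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def disguised_links(message_html):
    """Return links whose visible text is itself a URL on a different host than the href."""
    auditor = LinkAuditor()
    auditor.feed(message_html)
    auditor.close()
    return [(text, href) for text, href in auditor.links
            if URL_LIKE.match(text) and _host(text) != _host(href)]

# Constructed sample message; the non-Pidgin hosts use reserved .example/.test names.
SAMPLE = ('<a href="http://somethingbad.example/">http://pidgin.im</a> '
          '<a href="http://pidgin.im/download">http://pidgin.im</a> '
          '<a href="http://short.test/x1">click here</a>')

if __name__ == "__main__":
    for text, href in disguised_links(SAMPLE):
        print(f"shown {text!r} but opens {href!r}")
```

The third sample link, whose visible text is not an address, is not flagged: a mismatch check of this kind only covers link text that itself reads as a URL.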