Insert link facilitates phishing attacks
kglists at teamblind.de
Thu Nov 21 06:59:43 EST 2013
Couldn't Pidgin ask/warn the user whenever he opens a link whose
description differs from the target?
On 21.11.2013 03:05, Eion Robb wrote:
> That's not really friendly to IDN links which legitimately have UTF8
> characters in the url (via punycode)
> On 21 November 2013 15:03, Ashish Gupta <ashmew2 at gmail.com> wrote:
>> Probably a helpful post click message box will help the situation,
>> "The link you are trying to open contains characters that are neither
>> alphanumeric nor one of [ "-", "." ...]. Should I still proceed?"
>> - Ashish
>> On 21 Nov 2013 07:06, "Ashish Gupta" <ashmew2 at gmail.com> wrote:
>>> As Mark said, if you just let your browser open the link that is being
>>> shown, the browser will simply open twitter<not a dot>com, which will
>>> ultimately fail with something like a "Please check the URL. Page not
>>> Wouldn't that take care of the problem automatically?
>>> - Ashish
>>> On 21 Nov 2013 06:53, "Thijs Alkemade" <thijsalkemade at gmail.com> wrote:
>>>> On 21 nov. 2013, at 01:59, Coyo <coyo at darkdna.net> wrote:
>>>>> He's got a point. It wouldn't exactly be a breaking change to silently
>>>>> change the anchor's target to the link in the description. Descriptions
>>>>> such as "click here" are legitimate, but if "twitter.com" links to
>>>>> something that isn't "twitter.com/intent/follow" or something within
>>>>> the same domain, I can't think of any legitimate use cases that would break
>>>>> if this were filtered.
>>>> Then they can still send “twitter,com”, “twitter ̣com”, “twitter¸com”…
>>>> there are probably hundreds of UTF8 characters that, when not examined
>>>> closely, can be confused for a dot. Or hidden characters that will throw
>>>> off your domain name check. Figuring out what might look like an URL to
>>>> users is not as easy as it might sound.
>>>> Devel mailing list
>>>> Devel at pidgin.im
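
The check discussed in this thread (warn when a link's description looks like a host name but does not match its target), as an added example that is not Pidgin code and not from any poster. The function names, the short lookalike set and the sample links are constructed, and the same-domain test is a plain suffix match, an assumption standing in for a public-suffix lookup.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately incomplete set of characters that can pass for a dot:
# comma, cedilla, combining dot below, one dot leader.
DOT_LOOKALIKES = ",\u00b8\u0323\u2024"
HOSTLIKE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?([^\s/:?#]+\.[^\s/:?#.]{2,})(?:[/:?#]\S*)?$")

def _ascii_host(host):
    """Lower-case a host name and convert IDN labels to punycode."""
    try:
        return host.lower().rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return None

def _fold(text):
    """Drop invisible format characters and map dot lookalikes to '.'."""
    visible = "".join(c for c in text if unicodedata.category(c) != "Cf")
    folded = "".join("." if c in DOT_LOOKALIKES else c for c in visible)
    return re.sub(r"\s*\.\s*", ".", folded.strip())

def link_warning(description, href):
    """Return a warning string, or None when the link can open silently."""
    target = _ascii_host(urlsplit(href).hostname or "")
    folded = _fold(description)
    m = HOSTLIKE.match(folded.lower())
    if not m:
        return None  # "click here" style text: nothing to compare
    if folded != description.strip():
        return "description imitates a host name using lookalike or hidden characters"
    shown = _ascii_host(m.group(1))
    if shown is None or target is None:
        return "host name could not be normalised"
    if target == shown or target.endswith("." + shown):
        return None  # same host or a subdomain of it
    return f"description shows {shown} but link opens {target}"
```

Comparing both sides in punycode form keeps legitimate IDN links quiet, while ordinary text such as "Thanks, Bob" still trips the lookalike rule, which is the false-positive problem raised in the thread.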