[Pidgin] #4683: Security: Check href & body parts of links
Pidgin
trac at pidgin.im
Fri Jan 18 23:24:51 EST 2008
#4683: Security: Check href & body parts of links
------------------------+---------------------------------------------------
Reporter: neomenlo | Owner: lschiere
Type: enhancement | Status: new
Priority: minor | Component: unclassified
Version: 2.3.1 | Keywords: security, links, url, virus
Pending: 0 |
------------------------+---------------------------------------------------
Many viruses spread by IM use deceptive URLs to trick the victim to click
them.
For example, I received an IM, but I copy and pasted the location and
noticed the discrepancy.
The link in blue said something like:[[BR]]
[/ http://photobucket.com/numbers/number.jpg][[BR]]
When the URL (href) went to:[[BR]]
[/ http://otherwebsite.com/something.com]
== 1: The URLs do not match ==
I would like to see pidgin automatically check if the urls are different,
and warn the user that the link is high risk and deceptive. However, a few
links are sent with a completely different body by wrapping a few words
with a url.
== 2: The url leads to an executable ==
I don't think I've ever seen an executable transfered via IM protocol. So,
links to executables should also bring up a warning dialog telling the
risks.
--
Ticket URL: <http://developer.pidgin.im/ticket/4683>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list