[Pidgin] #15211: Misleading links in chats
Pidgin
trac at pidgin.im
Wed Jul 11 17:09:02 EDT 2012
#15211: Misleading links in chats
--------------------------+-------------------------------------------------
Reporter: bur | Owner: rekkanoryo
Type: enhancement | Status: new
Component: unclassified | Version: 2.10.6
Keywords: |
--------------------------+-------------------------------------------------
It is possible to insert a link in a chat where the text of the link looks
like an URL. For example click on Insert -> Link and type URL
http://badsite.example.com, Description: http://www.google.com
This will cause people to believe they visit google while actually they
will open a potentially harmful site.
I know this is the same behaviour as any webbrowser shows. Also a popup
shows the actual destination of the link.
But I tried this with several buddies and they all fell for it. Apparently
people don't expect this to happen in an IM program. Admittedly even I
fell for it when someone tried it on me.
It's no disadvantage if Pidgin would reject descriptions that are
formatted as an URL. Normally this isn't needed but it can easily be
exploited.
--
Ticket URL: <http://developer.pidgin.im/ticket/15211>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list