[Esd-l] Mangle of embedded URLs
John D. Hardin
jhardin at impsec.org
Fri Jan 7 09:41:05 PST 2005
On Fri, 7 Jan 2005, Smart,Dan wrote:
> Happy New Year John!
Likewise.
> Since we are getting more and more Phishing emails with bogus
> reply URLs, is (would) it be possible to mangle in such a way that
> the URL is shown in Outlook, but cannot be executed?
Hrm. That would mean *removing* the <A> tag, as unrecognized (mangled)
tags are just ignored.
...try editing a phishing message and changing the <A tag to
something like _A (so that it's no longer a tag) and see if it looks
usable. *that* sort of mangling wouldn't be too hard to do...
Something like "<A" -> "Sanitized clickable link: " would be doable.
What I don't want to do is build a complete HTML parser into the
sanitizer...
> Most of these show a "nice name" but the embedded URL doesn't
> point there.
:)
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
-- John C. Randolph <jcr at idiom.com>
-----------------------------------------------------------------------
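The tag-level rewrite suggested in the message above, sketched as an added example (not code from the post or from the sanitizer itself): each opening anchor tag is replaced by visible text carrying its href, so the "nice name" and the real target appear side by side. The function names and the sample message are constructed for illustration.

```python
import re

LABEL = "Sanitized clickable link: "  # replacement wording suggested in the post

# "<a" must be followed by whitespace or ">" so <abbr>, <address>, <area> are left alone.
OPEN_A = re.compile(r"<a(?=[\s>])([^>]*)>", re.IGNORECASE)
CLOSE_A = re.compile(r"</a\s*>", re.IGNORECASE)
# href value: double-quoted, single-quoted, or bare (not data-href and the like).
HREF = re.compile(
    r"""(?<![\w-])href\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE
)


def _replace_open(match):
    """Replacement for one opening <a ...> tag (hypothetical helper)."""
    href = HREF.search(match.group(1))
    if href is None:
        return ""  # <a name=...> has no target; just drop the tag
    url = next(g for g in href.groups() if g is not None)
    # The URL becomes body text, so a stray "<" must not start a new tag.
    return "[" + LABEL + url.replace("<", "&lt;") + "] "


def mangle_links(html):
    """Turn every anchor into visible text without parsing the rest of the HTML.

    Limitation of the regex approach: a ">" inside a quoted attribute value
    ends the tag match early.
    """
    return CLOSE_A.sub("", OPEN_A.sub(_replace_open, html))


# Constructed sample: the displayed name and the real target disagree.
SAMPLE = (
    '<p>Dear customer, <abbr title="as soon as possible">ASAP</abbr> please '
    'confirm at <A\n  HREF="http://203.0.113.7/login">www.examplebank.com</A>.</p>'
)

if __name__ == "__main__":
    print(mangle_links(SAMPLE))
```
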