anomy-list

• Previous message: James Nonya: "help"
• In reply to: Claudemir Todo Bom: "link social engineering attack"
• Next in thread: Claudemir Todo Bom: "Re: link social engineering attack"
• Reply: Claudemir Todo Bom: "Re: link social engineering attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Hello.

Claudemir Todo Bom wrote:

> Hi,
>
> I've initiated my tests with anomy sanitizer, and noted that it doesn't
> prevent someone on making a forged message expliting this common social
> exploit:
>
> <a href="http://hell.com/mytrojan.exe">http://www.very-famous-website.com>

A simplier idea. Enforced conversion of "Multipart/Alternative" to
"text/plain", completely deleting "text/html" version. Many people (me
too) believe that hypertext e-mail is still useful mostly for spammers
and those social engineers; more normal people just have no time to
perform markup.

Alexey

>
> a lot of users get tricked by this one, and I think that a simple test
> can be made on anomy sanitizer to prevent this particular user bug.
>
> Best Regards,

• Next message: Claudemir Todo Bom: "Re: link social engineering attack"
• Previous message: James Nonya: "help"
• In reply to: Claudemir Todo Bom: "link social engineering attack"
• Next in thread: Claudemir Todo Bom: "Re: link social engineering attack"
• Reply: Claudemir Todo Bom: "Re: link social engineering attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]