Re: link social engineering attack

From: Alexey Lobanov (
Date: Thu 26 Feb 2004 - 07:43:30 GMT

  • Next message: Claudemir Todo Bom: "Re: link social engineering attack"


    Claudemir Todo Bom wrote:

    > Hi,
    > I've initiated my tests with anomy sanitizer, and noted that it doesn't
    > prevent someone on making a forged message expliting this common social
    > exploit:
    > <a href="">>

    A simplier idea. Enforced conversion of "Multipart/Alternative" to
    "text/plain", completely deleting "text/html" version. Many people (me
    too) believe that hypertext e-mail is still useful mostly for spammers
    and those social engineers; more normal people just have no time to
    perform markup.


    > a lot of users get tricked by this one, and I think that a simple test
    > can be made on anomy sanitizer to prevent this particular user bug.
    > Best Regards,

    hosted by