phishing detection bug
John Wilcock
john at TRADOC.FR
Fri Feb 18 16:37:29 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Julian Field wrote:
> Okay, a simple trap for this one would be that the real URL must contain
> at least one "." character. How about that?
What about octal IP-based hostnames?
What about an intranet case, where a hostname only, with no domain part,
could be perfectly valid? Then again this wouldn't be phishing fodder.
To be sure though, how about requiring either a "." or a "/"?
Apart from that, what about relative URLs used with a <BASE HREF=...>
tag? Does your phishing net currently trap these anyway? If not, perhaps
it should.
John.
--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list