phishing detection bug

John Wilcock john at TRADOC.FR
Fri Feb 18 16:37:29 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Okay, a simple trap for this one would be that the real URL must contain
> at least one "." character. How about that?

What about octal IP-based hostnames?

What about an intranet case, where a hostname only, with no domain part,
could be perfectly valid? Then again this wouldn't be phishing fodder.

To be sure though, how about requiring either a "." or a "/"?

Apart from that, what about relative URLs used with a <BASE HREF=...>
tag? Does your phishing net currently trap these anyway? If not, perhaps
it should.

John.

--
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list