[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] .MAC Webmail phishing attack

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] .MAC Webmail phishing attack
From: rabbit food <r4bb1t_f00d@xxxxxxxxxxx>
Date: Tue, 23 Mar 2004 08:58:26 +0000 (GMT)

--
Information 
--

It may be possible to redirect a naive .Mac webmail
user, to another site, possibly, one mocked up as
webmail (a user may ignore the fact SSL is not
present).

http://webmail.mac.com/redirect/http://your url

Using unicode representations of the word redirect,
may aid an attacker through "obscuring",
the word - redirect-.

http://webmail.mac.com/%72%65%64%69%72%65%63%74/http://aURLofchoice/

--




        
        


        
        
                
___________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] .MAC Webmail phishing attack
  - From: Peter John Hill

Prev by Date: [Full-Disclosure] Open the WS_FTP Server backdoor to SYSTEM
Next by Date: RE: [Full-Disclosure] Re: [decidedly OFF TOPIC] winxp home expusure (sic)
Previous by thread: [Full-Disclosure] Re: Open the WS_FTP Server backdoor to SYSTEM
Next by thread: Re: [Full-Disclosure] .MAC Webmail phishing attack
Index(es):
- Date
- Thread