[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Suspicious URL in IDS

To: "Kelly Robinson" <caliana1989@xxxxxxxxx>
Subject: Re: [Full-disclosure] Suspicious URL in IDS
From: Andrew Farmer <andfarm@xxxxxxxxx>
Date: Sat, 3 Nov 2007 16:59:12 -0700

On 03 Nov 07, at 16:24, Kelly Robinson wrote:
> Is the following URL valid?  http://www.address.com@xxxxxxxxxxxxxxxxxxxxxx

Technically, yes. (It specifies that the client is to authenticate to 
www.sitenameremoved.ru 
  with the username "www.address.com".) It's often used in phishing  
attempts, though, as a sufficiently long username can be used to  
obscure the actual hostname and path.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Suspicious URL in IDS
  - From: Kelly Robinson

Prev by Date: [Full-disclosure] Suspicious URL in IDS
Next by Date: Re: [Full-disclosure] stop cross posting
Previous by thread: [Full-disclosure] Suspicious URL in IDS
Next by thread: [Full-disclosure] Chris-chan Christian Chandler
Index(es):
- Date
- Thread