full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] (no subject)

Re: [Full-disclosure] (no subject)

From: <Valdis.Kletnieks_at_nospam>
Date: Thu Aug 14 2008 - 15:58:27 GMT
To: ff0000@hushmail.com

On Wed, 13 Aug 2008 10:18:13 -0000, ff0000@hushmail.com said:

> Is it safe to follow the link in this email?
> Yes, it is safe to visit the Hushmail web site by following the link
> provided.

Which is, of course, what any miscreant who wanted you to visit a site that will drop malware into your browser would say.

The risk is mitigated quite a bit for *this* e-mail because the link is in a text/plain, so you're either cut-n-pasting the link and can see where you're going, or your MUA has linkified it but you still can see the actual target.

Unfortunately, most users can't tell the difference between a link in a text/plain and http://www.goodstuff.com (and you probably should double-check what your MUA did with the above line :)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/