[Esd-l] Mangle of embedded URLs

John D. Hardin jhardin at impsec.org
Fri Jan 7 09:41:05 PST 2005


On Fri, 7 Jan 2005, Smart,Dan wrote:

> Happy New Year John!

Likewise.
 
> Since we are getting more and more Phishing emails with bogus
> reply URLs, is (would) it be possible to mangle in such a way that
> the URL is shown in Outlook, but cannot be executed?

Hrm. That would mean *removing* the <A> tag, as unrecognized (mangled)
tags are just ignored. 

...try editing a phishing message and changing the <A tag to
something like _A (so that it's no longer a tag) and see if it looks
usable. *that* sort of mangling wouldn't be too hard to do...

Something like "<A" -> "Sanitized clickable link: " would be doable.

What I don't want to do is build a complete HTML parser into the
sanitizer...

> Most of these show a "nice name" but the embedded URL doesn't
> point there.

:)

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org    FALaholic #11174    pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
                                  -- John C. Randolph <jcr at idiom.com>
-----------------------------------------------------------------------
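
Added example (not part of the original post and not the sanitizer's own code): the "<A" -> "Sanitized clickable link: " substitution suggested above, done in Python with a regex instead of an HTML parser, plus a loose check for links whose visible text names a different host than the href. The function names, regexes and sample body are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Opening anchor tag only: "<a" followed by whitespace or ">", so that
# <abbr>, <address> and <area> are left alone.
ANCHOR_OPEN = re.compile(r'<a(?=[\s>])', re.IGNORECASE)
# Loose match of a whole link; used only for reporting, never for rewriting.
LINK = re.compile(
    r'<a\s[^>]*?href\s*=\s*["\']?([^"\'\s>]+)[^>]*>(.*?)</a\s*>',
    re.IGNORECASE | re.DOTALL)
# Something in the link text that looks like a host name or URL.
HOSTLIKE = re.compile(r'(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)',
                      re.IGNORECASE)

MARKER = "Sanitized clickable link: "

def defang_anchors(html):
    """Replace every opening <A with visible text so it is no longer a tag."""
    return ANCHOR_OPEN.sub(MARKER, html)

def mismatched_links(html):
    """Return (shown_host, real_host) pairs where the link text names one
    host and the href points at another."""
    found = []
    for href, text in LINK.findall(html):
        real = (urlsplit(href).hostname or "").lower()
        shown = HOSTLIKE.search(re.sub(r'<[^>]+>', '', text))
        if shown and real and shown.group(1).lower() != real:
            found.append((shown.group(1).lower(), real))
    return found

# Constructed sample body (not a real message); hosts use reserved
# documentation names and addresses.
SAMPLE = ('<p>Dear customer, <abbr title="x">FYI</abbr> please verify at '
          '<A HREF="http://203.0.113.7/login">www.bank.example</A> '
          'or see <a\n href="http://www.bank.example/help">our help page</a>.</p>')

if __name__ == "__main__":
    print(defang_anchors(SAMPLE))
    print(mismatched_links(SAMPLE))
```

After the substitution the href text is part of the visible message body, and the leftover </A> has no opening tag to pair with.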

