[ComradeRob]

Quote:

Originally Posted by JetLinus

It's just about Internet Explorer again, but it's been known for quite some time now, and as lot of people are using IE...

Well, you know, you can type in adresses in the format of

Code:

http://username:password@hostname

Alright, nothing new.
But if you include ASCII Char 0x01 in the part before the url, only this bit will be shown.

Example: What would you think, this link goes to:

Code:

http://pirate.planetarion.com/[email protected]

Yeah, well, LOOKS like it would register you on the boards, including my email as referrer (some websites do this sort of thing).
Ok, that's the first glance. Good informed people know, that there can't be "@"-chars in an url. But who would mistrust that link?

I probably wouldn't have noticed it myself. However, I can't see anything too harmful about it.

Quote:

Originally Posted by JetLinus

In reality, it will bring you to (my non-existing imaginary) website jetworld.de
All I had to do was copy the signup page of these boards, and steal your password.

It's all shit, innit?

Try THIS link: http://www.microsoft.com. Looks like you are visiting microsoft.com, but you obviously aren't...
I know, the status bar reveals the truth, but using javascript, you could easily fake it as well...

Bad world :-/

Uh-huh...

If you want to see [i]any[/url] then you have to check the status bar - the link could be 'http://www.evilhackersite.com/trojan.php', the only way to see this would be to check the status bar (or tooltip). So in fact it's no different to a normal link... if you click on a link that you don't trust, you're taking your own risk.

The problem isn't a problem with IE, it's a problem with URLs. The URLs you posted are perfectly valid URLs, and would fool people using other browsers just as easily. The lesson, I suppose, is to be careful about the URLs you click on, no matter which browser you use.