It's just about Internet Explorer again, but it's been known for quite some time now, and as lot of people are using IE...
Well, you know, you can type in adresses in the format of
Code:
http://username:password@hostname
Alright, nothing new.
But if you include ASCII Char 0x01 in the part before the url, only this bit will be shown.
Example: What would you think, this link goes to:
Yeah, well,
LOOKS like it would register you on the boards, including my email as referrer (some websites do this sort of thing).
Ok, that's the first glance. Good informed people know, that there can't be "@"-chars in an url. But who would mistrust that link?
In reality, it will bring you to (my non-existing imaginary) website jetworld.de
All I had to do was copy the signup page of these boards, and steal your password.
It's all shit, innit?
Try THIS link:
http://www.microsoft.com. Looks like you are visiting microsoft.com, but you obviously aren't...
I know, the status bar reveals the truth, but using javascript, you could easily fake it as well...
Bad world :-/