On 2011/11/28 14:36, dar...@chaosreigns.com wrote:
On 11/28, jdow wrote:
Which browser(s) treat addresses of the form
178.000235.0000150.000372 as actual addresses? That seems like a
If you have multiple emails with this pattern that spamassassin is not
catching, please provide them via something like pastebin. We can create
rules to match it, and see if it correlates well to spam. Otherwise,
I'm not sure how relevant this subject is to this list.
Sigh, this is why I asked for experts - people who might know what
browser is vulnerable so the guilty parties could be notified. (I am
betting it's a Microsoft browser if the bug is still present.)
The implication is that it's yet another way to obfuscate addresses. It
is NOT legal in a URL regardless of its legality in C. Any browser that
reads that URL is broken. Which one(s) accept it? They probably have a
gaping vulnerability the URL in question takes advantage of.
The solution to that problem, if it is a problem, is to submit bug
reports to the web browser maintainers. Discussing whether or not it
is a problem, on this list, is probably of limited use.
This may need a formal SpamAssassin rule rather than relying on the old
SARE rules, which did trigger on it. That's up to somebody else to worry
about.
It may be more useful to discuss it on
http://irtf.org/mailman/listinfo/asrg
I can confirm that chromium converts octets starting with 0 to octal. It's
less obvious what firefox does with it.
That's a hint for the people who might want to fix the bug. Someone else
remarked FireFox used to respond to such trash and does not now.
https://bugzilla.mozilla.org/
http://code.google.com/p/chromium/issues/entry
https://bugs.opera.com/wizard/
http://developer.apple.com/bugreporter/
Why bug such people unless their product IS vulnerable? Note that this seems
to be an email trying to get people who have a "vulnerable" browser to click
a specific link. I'd expect that link to be loaded with a zero day or the
likes that the browser exhibits.
I figured people here with their basic interest in security might know of
vulnerable browsers to make progressing to the next logical steps easy. I am
somewhat surprised NOBODY here seems to know.
{^_^}
