On Mon, May 23, 2005 at 01:25:35PM -0700, David Cleveland wrote: > I was able to duplicate. After creating the url link, I put the cursor > right after the 'www.' And typed in the 'foo-labs.info'. Then I delete > everything after 'info' and sent it. The link read foo-labs and went to > cybertrion.
After much trials and tribulations, I was able to replicate this. And you know what? IT'S THE EXACT SAME RESULT AS IF SOMEONE HAD CLICKED "EDIT" AND CHANGED THE URL! So, what this means is that there is a "bug" in Outlook by which one can, if one has not clicked off the link since creating it, create a link, alter it, and not have the target altered to the new URL. I say "bug" in quotes because what presumably is going on is the function that updates the target is not called, leaving the old target in there. Is this a security risk? NO! The reporter is a troll or a moron! Since my prior sarcasm was apparently lost on some readers, THIS IS A FEATURE OF HTML! Links can point to other places than the text in between the link tags! If they couldn't, there'd be no point to having links! If you have a problem with this, go back to using Gopher--or better yet, stop using the Internet. We'll all miss your valuable input. Once and for all: THIS IS NOT A VULNERABILITY. Now, can we all let this stupid thread die? Thanks and have a great day. :) -- Dan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
