On Wed, Jul 14, 2010 at 10:32 AM, Chris Evans <[email protected]> wrote: > On Wed, Jul 14, 2010 at 10:19 AM, Juan Galiana <[email protected]> wrote: >> In fact, open redirect is considered a vulnerability commonly involved in >> phishing attacks. > > .... by people who have a cursory but non-thorough understanding of security. > > http://scarybeastsecurity.blogspot.com/
Oops, the long-term link is: http://scarybeastsecurity.blogspot.com/2010/06/open-redirectors-some-sanity.html Cheers Chris > > To be fair, it is an area of some subtlety involving what browsers do > and do not guarantee in terms of security indicators; and more > importantly, misconceptions around capabilities and mindset of the > less-technical end users that we as a community are trying to protect. > > > Cheers > Chris > >> >> http://www.owasp.org/index.php/Open_redirect >> >> On Wed, Jul 14, 2010 at 6:03 PM, Mario Vilas <[email protected]> wrote: >>> >>> did you actually try the link? cause it worked for me... >>> >>> On Wed, Jul 14, 2010 at 12:14 PM, McGhee, Eddie <[email protected]> >>> wrote: >>>> >>>> come on what's funny about encoding a url? you don't see this as >>>> a vuln????? REALLY???? geez peace... >>>> ________________________________ >>>> From: [email protected] >>>> [mailto:[email protected]] On Behalf Of Marshall >>>> Whittaker >>>> Sent: 13 July 2010 21:17 >>>> To: [email protected] >>>> Subject: [Full-disclosure] Google auto redirect >>>> >>>> I don't really consider this a vulnerability, but it's funny. >>>> >>>> >>>> http://www.google.com/search?q=%79%61%68%6F%6F&ie=ISO-8859-1&source=hp&hl=en&btnI=I%26%2339;%69%6D%2B%46%65%65%6C%69%6E%67%2B%4C%75%63%6B%79 >>>> >>>> -- oxagast >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> >>> >>> -- >>> HONEY: I want to… put some powder on my nose. >>> GEORGE: Martha, won’t you show her where we keep the euphemism? >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
