All Unkept
Posted in: Software development  —  May 23, 2005 at 10:11 PM

Phishing phloored

by Luke Plant

It's very satisfying when a feature you programmed is finally tested. A while ago, a security problem was noticed in the e-mail program I use and (occasionally) hack on. The program turns HTML into plain text for viewing (deliberately not supporting full HTML e-mail). The problem comes when you have an e-mail likes like the one below -- it has a URL in the text, but this isn't the one the link actually goes to (the same problem exists for normal HTML e-mail, but is made slightly worse in our case as the e-mail looks like plain text, where this kind of trick isn't usually possible).

The solution we came up with is the dialog box you see in the shot below. This was the first real phishing attack I had experienced that wasn't caught by other mechanisms, and although I realised it was a fake (though, to be honest, not instantly), it's nice to know that the code I had added a while back to help keep us Sylpheed-Claws users safe is still working :-)

screen shot - click for larger image

Comments §

blog comments powered by Disqus