[Dshield] CNN?
Deb Hale
haled at pionet.net
Mon Oct 15 19:28:44 GMT 2007
I couldn't agree more. I will not download anything that uses this method.
I figure that if they have something to hide, I don't need it.
Deb
-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of M Cook
Sent: Monday, October 15, 2007 1:04 PM
To: General DShield Discussion List
Subject: [Dshield] CNN?
Anyone see the mail from CNN about a desktop alerter? It offers a link
to download it:
Download it now!
http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe
But if you hover over it, the link is actually
http://www.access.cnn.com/xyyabbxx_xzenozx.html
Now I realize this is probably innocent, probably just to implement some
sort of tracking; but don't these folks realize it is the same strategy
used by phishers (list one URL, hide the real one)? Why don't they just
say "click here", or make the text match the linked URL. Wouldn't it be
better if legitimate businesses were straightforward, so only the shady
ones were sneaky? Plus if they want to be really helpful, they'd put it
on an HTTPS page, so the certificate could be validated...
(sorry for the rant)
_________________________________________
SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
SANS top instructors. http://www.sans.org/info/9346
More information about the list
mailing list