[Dshield] CNN?

Brenden Walker BKWalker at drbsystems.com
Mon Oct 15 19:55:34 GMT 2007


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Deb Hale
> Sent: Monday, October 15, 2007 3:29 PM
> To: 'General DShield Discussion List'
> Subject: Re: [Dshield] CNN?
> 
> I couldn't agree more.  I will not download anything that 
> uses this method.
> I figure that if they have something to hide, I don't need it.

I get the same kinda thing from my bank, also the company I work for has
sent out mass mailings (supposedly opt in, but I'm not sure) that use
external click tracking 'services', leading to some very bogus looking
URL's.  I've explained that to the marketing people, they don't care.


> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org]
> On Behalf Of M Cook
> Sent: Monday, October 15, 2007 1:04 PM
> To: General DShield Discussion List
> Subject: [Dshield] CNN?
> 
> Anyone see the mail from CNN about a desktop alerter? It 
> offers a link to download it:
> 
> Download it now! 
> http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe
> 
> But if you hover over it, the link is actually
> 
> http://www.access.cnn.com/xyyabbxx_xzenozx.html
> 
> Now I realize this is probably innocent, probably just to 
> implement some sort of tracking; but don't these folks 
> realize it is the same strategy used by phishers (list one 
> URL, hide the real one)? Why don't they just say "click 
> here", or make the text match the linked URL. Wouldn't it be 
> better if legitimate businesses were straightforward, so only 
> the shady ones were sneaky? Plus if they want to be really 
> helpful, they'd put it on an HTTPS page, so the certificate 
> could be validated...
> 
> (sorry for the rant)
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 
> courses, SANS top instructors.  http://www.sans.org/info/9346
> 
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 
> courses, SANS top instructors.  http://www.sans.org/info/9346
> 



More information about the list mailing list