[Dshield] CNN?

Deb Hale haled at pionet.net
Mon Oct 15 20:55:07 GMT 2007


Dr J.  Contradicting me, shame on you.  :) 

You may anytime.  You make a valid point, however, the redirect for
isc.sans.org still indicates that it is a valid isc.sans.org site.  The one
that Brendon pointed out below
(http://www.access.cnn.com/xyyabbxx_xzenozx.html) looks really suspicious
because they use a bunch of nonsensical gibberish.  I am leery of any site
that uses this gibberish especially if I am going to be giving them any
personally identifiable information.  The point that I would like to make is
"if these sites want to do a redirect then they need to use redirects that
don't look suspicious".

Deb

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes Ullrich
Sent: Monday, October 15, 2007 2:53 PM
To: General DShield Discussion List
Subject: Re: [Dshield] CNN?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Sorry to contradict Deb here. But I don't have issues with redirects
like that. They are much more common then you think. For example do you
enter "http://isc.sans.org" or "http://isc.sans.org/index.html" in your
browser? After you log in to DShield/ISC, you are redirected... there
are many situations that may require redirects like this or at least
they will make it much easier to create reasonable URLs and maintain
sanity on the backend.

Phishers use logos... should we get rid of them too and use a text-only web?



Deb Hale wrote:
> I couldn't agree more.  I will not download anything that uses this
method.
> I figure that if they have something to hide, I don't need it.
> 
> Deb
> 
> -----Original Message-----
> From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]
> On Behalf Of M Cook
> Sent: Monday, October 15, 2007 1:04 PM
> To: General DShield Discussion List
> Subject: [Dshield] CNN?
> 
> Anyone see the mail from CNN about a desktop alerter? It offers a link 
> to download it:
> 
> Download it now! 
> http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe
> 
> But if you hover over it, the link is actually
> 
> http://www.access.cnn.com/xyyabbxx_xzenozx.html
> 
> Now I realize this is probably innocent, probably just to implement some 
> sort of tracking; but don't these folks realize it is the same strategy 
> used by phishers (list one URL, hide the real one)? Why don't they just 
> say "click here", or make the text match the linked URL. Wouldn't it be 
> better if legitimate businesses were straightforward, so only the shady 
> ones were sneaky? Plus if they want to be really helpful, they'd put it 
> on an HTTPS page, so the certificate could be validated...
> 
> (sorry for the rant)
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> SANS top instructors.  http://www.sans.org/info/9346
> 
> _________________________________________
> SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
> SANS top instructors.  http://www.sans.org/info/9346
> 


- --
Johannes Ullrich, SANS Institute, (www.sans.org)

SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
SANS top instructors.  http://www.sans.org/info/9346
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHE8T9PNuXYcm/v/0RA8EtAJ4s9/aToJhlCHMhjr7PPmseBIGQlwCeI1Qi
A6B+zeMPPQ0nHtYRB+NFZNc=
=M38L
-----END PGP SIGNATURE-----
_________________________________________
SANS Network Security 2007 in Las Vegas September 22-30. 39 courses,
SANS top instructors.  http://www.sans.org/info/9346



More information about the list mailing list