[vox-tech] OT: one of the most pernicious spams i've ever seen.

[Ken Bloom]

--/unnNtmY43mpUSKx
Content-Type: text/plain; Format=Flowed; DelSp=Yes; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


On 2003.09.25 21:53, Rob Rogers wrote:
> On Thu, Sep 25, 2003 at 20:00:51PM -0700, Mitch Patenaude wrote:
> Sorry. I was thinking back to my earlier email where I was discussing
> encoding a domain name to look innocuous. Here was my example:
>=20
> http://www.citibank.com%2e%61%33%6b%73%64%2e%50%69%53%65%4d%2e%4e%65%54
>=20
> which unencoded becomes http://www.citibank.com.a3ksd.PiSeM.NeT
> (using the actual base domain from the original email)
>=20
>  This much your browser would have to decode to do a DNS lookup, and  =20
> I've  never seen a browser show it encoded. Whether or not it sends =20
> it  encoded  in the referer, I can't speak with any authority, but I =20
> highly doubt  it  does. As for anything after the servername and/or =20
> port #, I realize  it  does send that encoded. I appologize for not =20
> making myself clear at  first.

The browser doesn't decode this anywhere. If you try to connect to =20
http://%61mazon.com/ that's exactly what it will try to look up the IP =20
address for so that it can connect. Not "amazon.com". %encoding is just =20
a clever hack to send data to a server, not an "official" alternate way =20
of specifying the location of a document.

--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 6/10/2003. If you use GPG, *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***

--/unnNtmY43mpUSKx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQA/c9D9lHapveKyytERAtHGAJsFKH1v4UyZFSpxrq2b2jkJZffoIQCfcjcc
wrtMw3ZMPQ56IDVN37ZP4EA=
=hAIB
-----END PGP SIGNATURE-----

--/unnNtmY43mpUSKx--