[vox-tech] OT: one of the most pernicious spams i've ever seen.

[Larry Ozeran]

FWIW I tried to go to the "unencoded" address below and Netscape fails the
DNS lookup, so that browser doesn't do translation.

Also, it looks like somebody has been listening. I tried to go the the
bogus site just now and received a "document not found" in Russian and
English.

- Larry

At 10:39 PM 9/25/03 -0700, you wrote:
>
>On 2003.09.25 21:53, Rob Rogers wrote:
>> On Thu, Sep 25, 2003 at 20:00:51PM -0700, Mitch Patenaude wrote:
>> Sorry. I was thinking back to my earlier email where I was discussing
>> encoding a domain name to look innocuous. Here was my example:
>> 
>> http://www.citibank.com%2e%61%33%6b%73%64%2e%50%69%53%65%4d%2e%4e%65%54
>> 
>> which unencoded becomes http://www.citibank.com.a3ksd.PiSeM.NeT
>> (using the actual base domain from the original email)
>> 
>>  This much your browser would have to decode to do a DNS lookup, and   
>> I've  never seen a browser show it encoded. Whether or not it sends  
>> it  encoded  in the referer, I can't speak with any authority, but I  
>> highly doubt  it  does. As for anything after the servername and/or  
>> port #, I realize  it  does send that encoded. I appologize for not  
>> making myself clear at  first.
>
>The browser doesn't decode this anywhere. If you try to connect to  
>http://%61mazon.com/ that's exactly what it will try to look up the IP  
>address for so that it can connect. Not "amazon.com". %encoding is just  
>a clever hack to send data to a server, not an "official" alternate way  
>of specifying the location of a document.
>
>--
>I usually have a GPG digital signature included as an attachment.
>See http://www.gnupg.org/ for info about these digital signatures.
>My key was last signed 6/10/2003. If you use GPG, *please* see me about
>signing the key. ***** My computer can't give you viruses by email. ***
>
>Attachment Converted: "e:\eudora\attach\Re [vox-tech] OT one of the m1"
>