On Fri, 2007-08-24 at 16:56 +0100, Ian Malone wrote: > On 24/08/07, Jacques B. <jjrboucher@xxxxxxxxx> wrote: > > > > > WELL YOU LIKE TO LIVE DANGEROUSLY. NEVER CLICK ON A VIRUS WEB PAGE. WEB > > > > > BROWSERS CAN COLLECT THE ADDRESSES OF PEOPLE WHO GO TO THE WEB SITE, > > > > > SO YOU ARE ALREADY COMPROMISED. > > > That being the case, why would he be compromised > > for having visited the site? In this scenario at most the web server > > will have the IP of the person who visited, and the browser they used > > (and some other non-compromising information). > > > > To clarify Aaron's comment: the supplied URL may encode > an id for the mail you received, marking the receiving address > 'live' on a spammer's database. (In fact, marking it live and > read by someone who follows such links, making it more > valuable to them.) This used to be a favourite trick with > 'if you have received this mailing in error click here' type > scams which were aimed at collecting addresses to sell on. > I have no idea whether the current crop of phishers bother > with such tricks or if collecting people's bank account details > is lucrative enough for them. > > -- > imalone > It seems appropriate to tell a story. I was in the room when Java was first announced by a Sun representative to a local Unix user group. It was explained that Java would allow a program from a remote server to run on your local machine through the web browser. In the audience was a group of employees from the Defense Security Command. These are people who have been known to run their computers in a Faraday cage ( a metal cage that prevents radio signals to cross its boundaries). They told the Sun representative that under no circumstances would they allow programs from remote servers to be downloaded onto their machines. And some of you believe it is safe to open a connection to a random phishing or virus web site. Incredible! -- ======================================================================= Q: How do you catch a unique rabbit? A: Unique up on it! Q: How do you catch a tame rabbit? A: The tame way! ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam@xxxxxxxxxxxxx
