[Full-disclosure] Suspicious URL in IDS
Andrew Farmer
andfarm at gmail.com
Sat Nov 3 23:59:12 GMT 2007
On 03 Nov 07, at 16:24, Kelly Robinson wrote:
> Is the following URL valid? http://www.address.com@www.sitenameremoved.ru
Technically, yes. (It specifies that the client is to authenticate to www.sitenameremoved.ru
with the username "www.address.com".) It's often used in phishing
attempts, though, as a sufficiently long username can be used to
obscure the actual hostname and path.
Full-Disclosure is hosted and sponsored by Secunia.