[cryptography] OT: Browsers and Phishing (href tag, title attribute)

Jeffrey Walton noloader at gmail.com
Wed Jan 9 11:29:59 EST 2013


Its hard to combat phishing with secure channels when the browser is a
willing accomplice.

The 'title' attribute on the href tag below is happily displayed by
Safari (http://postimage.org/image/3t1szpvef/).

****

<h2 style="margin:0; padding:0; font:17px arial; color:#069;">PENDING
MESSAGES</h2>
    <p style="margin:0 0 15px 0;">
      <span style="color:#999999;">•</span> There are a total of 4
messages awaiting your response. Visit your <a
href="http://www.asiamusicarts.com.tw/bibles.html" target="_blank"
title="http://linkedin.com" style="color: rgb(0, 102,
204);"><strong>INBOX</strong></a> now.
    </p>
    <div style="border-top: 3px solid #ddd; line-height:3px"> </div>

  <p style="margin: 10px 0;">Don't want to receive email notifications? <a
href="http://www.asiamusicarts.com.tw/bibles.html" target="_blank"
title="http://linkedin.com" style="color: rgb(0, 102, 204);">Adjust your
message settings</a>.</p>
  <p style="color:#999999; font-size:11px;">LinkedIn values your
privacy. At no time has LinkedIn made your email address available to
any other LinkedIn user without your permission. © 2013, LinkedIn
Corporation.</p>



More information about the cryptography mailing list