On 9 Dec 2005 at 11:35, gep2(_at_)terabites(_dot_)com wrote:
> Most users, by default would not need to enable executable attachments coming
> from ANYBODY AT ALL. The result of that fairly simple rule would all by itself
> very nearly eliminate E-mail as a vector for distribution of worms and viruses
> (at least, arriving in attachments!).

The virus-laden emails I've seen lately have packaged their payload in a
ZIP file rather than an executable, and have relied on social engineering
to get their targets to open the zip file and execute the contents.

> Eliminating HTML in E-mails from unknown/untrusted senders would force most
> "phishing" spams out into the open by making it harder to hide misrepresented
> URLs... by eliminating cases where a link looks one way but actually "under the
> covers" goes to some rogue server in Romania or the like.

A simple re-coding of mail clients could detect the majority of these URL
mismatches -- when a link in an email is clicked, check the link's
visible text, if it looks like an URL, then compare it to the link's
anchor URL. If they're the same, then everything's okay. Otherwise, pop
up a warning that tells the user that the URL may be a phish.
I know of one mail client that is doing this at present. It really
wouldn't be difficult to do in the others, and would frustrate the
phishers to no end.
Cheers
GRB
--
===========================================================
Greg R. Broderick
gregb(_at_)blackholio(_dot_)dyndns(_dot_)org
-----------------------------------------------------------
Some people are like Slinkies -- not really good for
anything, but they still bring a smile to your face
when you push them down a flight of stairs.
===========================================================
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg