Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Security Warning

2 views
Skip to first unread message

John Legenhausen

unread,
Nov 1, 2001, 8:45:03 AM11/1/01
to
I get the following warning at site http://www.maccentral.com and a couple of other mac sites. I get this warning in the windows version of opera as well as the mac versions.

"Security Warning: You are about to go to an address that contains a user name before the server name ........"

There is an image tag that has src="http://www.macsol...@mosaiccomputing.com/macsol/v.nclk?13" causing this warning

Is there anyway to disable this warning? I couldn't find anything in preferences or in opera.ini

Haavard K. Moen

unread,
Nov 1, 2001, 12:07:08 PM11/1/01
to

'fraid not, but you should probably submit a bug report about this
one:

http://www.opera.com/support/bugs/

If can you include the details you mentioned above, that would be
nice.

--
Håvard K. Moen, Opera Software

Marty

unread,
Nov 1, 2001, 3:51:32 PM11/1/01
to
"Haavard K. Moen" <hkm...@opera.invalid> wrote in message
news:i703ut8eppv5q2m9f...@4ax.com...

I would also complain to the website.
There is *NO* reason to encode a URL in this fashion.
Everything to the left of the "@" symbol is ignored.
Spammers use this as a technique to fool users into believing they are going
to a particular site. As in the example below:

http://www.c...@mosaiccomputing.com/macsol/v.nclk?13

Not really CNN is it?

Haavard K. Moen

unread,
Nov 2, 2001, 11:13:12 AM11/2/01
to
On Thu, 1 Nov 2001 12:51:32 -0800, "Marty"
<mar...@gameroomgoodies.com> wrote:

> I would also complain to the website.
> There is *NO* reason to encode a URL in this fashion.
> Everything to the left of the "@" symbol is ignored.
> Spammers use this as a technique to fool users into believing they are going
> to a particular site. As in the example below:
>
> http://www.c...@mosaiccomputing.com/macsol/v.nclk?13
>
> Not really CNN is it?

It is probably used to log page hits or something, but could of course
potentially be used for something more "sinister". Do you think the
warning should stay even for images?

Marty

unread,
Nov 2, 2001, 3:41:23 PM11/2/01
to
"Haavard K. Moen" <hkm...@opera.invalid> wrote in message
news:mgh5ut4j8uo5uhvqo...@4ax.com...

Yes, I believe the warning should stay for a few reasons:

1. Many file types can be masked as image files.
2. The image may use a clickable image map.
3. It is possible to manipulate cookies through image requests.
4. You can call a cgi script from the image tag.

In this particular case the URL above seems harmless enough.

A dishonest person could use this method to request personal information
from a user, tricking the user into thinking they are sending the
information to a reputable source. This most commonly occurs in spam email.

0 new messages