Comments on: WaPo’s new security blog finds a Firefox flaw http://www.edbott.com/weblog/?p=603 Helping PC users make sense of Microsoft software since 1991 Fri, 20 Nov 2009 18:54:09 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: Chris G. http://www.edbott.com/weblog/?p=603&cpage=1#comment-1285 Chris G. Wed, 31 Dec 1969 17:00:00 +0000 http://www.edbott.com/wordpress/?p=603#comment-1285 If I had to guess, seeing how it was a HTML e-mail, could it be that there was a graphic (like a GIF or JPEG) screenshot of a real e-mail embedded into the e-mail itself with a link set to the entire picture. If done "right", in theory no one could notice the difference unless they have images or HTML turned off. Thus, when you click on the content in the e-mail, since it is one giant picture, it could just launch the link (which is exactly how every e-mail client is designed btw). The only way around it would be to attempt to highlight the text to see if it was really text or a picture. Anyways, that is my guess as to what happened. I have no clue how you could design any e-mail client to block a scam like that. If I had to guess, seeing how it was a HTML e-mail, could it be that there was a graphic (like a GIF or JPEG) screenshot of a real e-mail embedded into the e-mail itself with a link set to the entire picture. If done “right”, in theory no one could notice the difference unless they have images or HTML turned off. Thus, when you click on the content in the e-mail, since it is one giant picture, it could just launch the link (which is exactly how every e-mail client is designed btw).

The only way around it would be to attempt to highlight the text to see if it was really text or a picture.

Anyways, that is my guess as to what happened. I have no clue how you could design any e-mail client to block a scam like that.

]]>