Tap & Hold
Here's a tip; if you tap on a link in an e-mail and hold for a second or two, the URL pops up for your delighted perusal.
Flaws in the Mail and Safari applications bundled with the iPhone leave users of the device at greater risk of phishing attacks. A URL-spoofing vulnerability means that a dodgy domain pointed to by a specially crafted URL can appear to be that of a trusted brand when viewed through the iPhone's mail or Safari browser …
I fail to see how a link to a malicious website sent in a mail would be specific to any particular mail client or device?
If a Nigerian scammer sends you mail and asks you to tell them your bank details, how can you blame any device or software if you are stupid enough to do so?
Of course a baby-with-the-bathtub solution would be to block all email that contains a URL. Is that what this "researcher" suggests the iphone is doing wrong?
Why don't browsers simply implement this simple solution:
When a block of text is marked as url : use that block of text and not an embedded link. Then there is no more hide and seek .... At least give browsers an option flag to use either the embedded link or the text of the link itself. and an option to display either the original text or directly the attached link when rendering the page.
I'm not sure what that shmoo site is trying to tell me?
It comes up with a link saying 'IDN spoofed URL'. You click on that and it comes up with a page saying 'The fake TSG'.
I tried it on firefox and safari and they behave in exactly the same way.
As the fake and 'real' pages have different URLs this to me proves nothing... that links to different pages go to different pages? What am I missing?
I don't why you think this is an issue with the Iphone. The Iphone and all products that Apple make are beyond critism from any mere mortals.
Obviously this is a flaw with the rest of the universe and this need to be changed to ensure that it doesn't impact upon any his Jobiness creations.
PS. Obviously if a similar exploit if found any other operating system then its obvioulsy a major security issue with that system anybody using that system should be struck down by lightning.
Biting the hand that feeds IT © 1998–2021