
Re: [Full-Disclosure] Phishing scam - Obfuscated url help please

From: <Valdis.Kletnieks@vt.edu>
Date: Thu Jan 22 2004 - 21:55:26 CST

On Fri, 23 Jan 2004 14:48:43 +1300, Nick FitzGerald <nick@virus-l.demon.co.uk> said:

> as the "@" is (incorrectly) interpreted by many browsers (most in terms
> of absolute use) as indicating the username part of the "userinfo" part
> of the generic URI scheme.

RFC2396 - Uniform Resource Identifiers (URI): Generic Syntax

3.2.2. Server-based Naming Authority

   URL schemes that involve the direct use of an IP-based protocol to a
   specified server on the Internet use a common syntax for the server
   component of the URI's scheme-specific data:

      <userinfo>@<host>:<port>

   where <userinfo> may consist of a user name and, optionally, scheme-
   specific information about how to gain authorization to access the
   server. The parts "<userinfo>@" and ":<port>" may be omitted.

      server = [ [ userinfo "@" ] hostport ]

   The user information, if present, is followed by a commercial at-sign
   "@".

      userinfo = *( unreserved | escaped |
                         ";" | ":" | "&" | "=" | "+" | "$" | "," )

   Some URL schemes use the format "user:password" in the userinfo
   field. This practice is NOT RECOMMENDED, because the passing of
   authentication information in clear text (such as URI) has proven to
   be a security risk in almost every case where it has been used.

Looks like a correct interpretation to me.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Received on Thu Jan 22 22:35:00 2004
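As an added example (not part of the original message or of RFC 2396), here is a small Python parser that splits an authority component according to the `server = [ [ userinfo "@" ] hostport ]` grammar quoted above, together with a heuristic a mail filter could use to flag links whose userinfo part reads like a host name; the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Character classes taken from RFC 2396: unreserved = alphanum | mark,
# escaped = "%" hex hex, plus the extra punctuation userinfo allows.
_UNRESERVED = r"A-Za-z0-9\-_.!~*'()"
_USERINFO_RE = re.compile(r"^(?:[" + _UNRESERVED + r";:&=+$,]|%[0-9A-Fa-f]{2})*$")


def split_server(authority):
    """Split an RFC 2396 server component into (userinfo, host, port).

    server = [ [ userinfo "@" ] hostport ], hostport = host [ ":" port ].
    '@' is not a userinfo character, so the first '@' ends the userinfo and
    the real host is whatever follows it, which is why a host-looking string
    in front of the '@' is misleading to a human reader.
    Raises ValueError when userinfo or port contain characters the grammar
    does not allow.
    """
    userinfo = None
    hostport = authority
    if "@" in authority:
        userinfo, hostport = authority.split("@", 1)
        if not _USERINFO_RE.match(userinfo):
            raise ValueError("invalid userinfo: %r" % userinfo)
    host, port = hostport, None
    if ":" in hostport:
        host, port = hostport.rsplit(":", 1)
        if port and not port.isdigit():
            raise ValueError("invalid port: %r" % port)
    return userinfo, host, port


def userinfo_looks_like_host(url):
    """Heuristic for a mail filter: True when the link carries a userinfo
    part containing a dot, i.e. it reads like a host name placed in front
    of the real host. Genuine userinfo ("user" or "user:password") rarely does."""
    userinfo, _host, _port = split_server(urlsplit(url).netloc)
    return userinfo is not None and "." in userinfo


if __name__ == "__main__":
    # Constructed sample links, not taken from any real phishing message.
    for link in ("http://www.paypal.com@203.0.113.5/login",
                 "http://user:secret@example.com/",
                 "http://example.com/"):
        print(link, "->", split_server(urlsplit(link).netloc),
              "suspicious" if userinfo_looks_like_host(link) else "ok")
```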

This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 23:01:01 CST
