[kdepim] [Bug 469930] New: Scam detection: Consider misleading substitute characters in URL userinfo
Mia Herkt
bugzilla_noreply at kde.org
Thu May 18 09:29:15 BST 2023
https://bugs.kde.org/show_bug.cgi?id=469930
Bug ID: 469930
Summary: Scam detection: Consider misleading substitute characters in URL userinfo
Classification: Applications
Product: kdepim
Version: GIT (master)
Platform: unspecified
OS: All
Status: REPORTED
Severity: normal
Priority: NOR
Component: messageviewer
Assignee: kdepim-bugs at kde.org
Reporter: mia+kde at 0x0.st
Target Milestone: ---
Recently, some new gTLDs like .zip have been getting a lot of attention, with
people pointing out how easily they can be used to mislead users. One of the ways
this can be done is to use the @ symbol and characters like ∕ (U+2215 DIVISION
SLASH):
https://download.kde.org∕stable∕krita∕5.1.5∕@kritax64515.zip
The above URL leads to a domain called kritax64515.zip – what looks like a path
on the download.kde.org domain to an unsuspecting user is merely the userinfo
subcomponent of that URL.
It is probably a good idea to try and detect this.
--
You are receiving this mail because:
You are the assignee for the bug.
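
One way to implement the check this report asks for (an added example, not part of the report and not KDE's messageviewer code): it extracts the userinfo with a small RFC 3986-style authority split and flags slash lookalikes inside it. The function names and the lookalike set are assumptions made here; the sample URL is the one from the report.

```python
import re

# Characters that render like "/" (illustrative set chosen for this example,
# not an exhaustive confusables list).
SLASH_LOOKALIKES = {
    "\u2215": "DIVISION SLASH",
    "\u2044": "FRACTION SLASH",
    "\uff0f": "FULLWIDTH SOLIDUS",
    "\u29f8": "BIG SOLIDUS",
}

# scheme "://" authority, where the authority ends at the first real / ? or #
_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)")


def split_authority(url):
    """Return (userinfo, host); userinfo is None when the URL has none."""
    m = _AUTHORITY.match(url)
    if not m:
        return None, None
    # Everything before the last "@" is userinfo, as URL parsers treat it.
    userinfo, at, hostport = m.group(1).rpartition("@")
    host = re.sub(r":\d*$", "", hostport)  # drop an optional port
    return (userinfo if at else None), host


def check_userinfo(url):
    """Return a finding if the userinfo imitates a path, else None."""
    userinfo, host = split_authority(url)
    if not userinfo:
        return None
    found = sorted({SLASH_LOOKALIKES[c] for c in userinfo if c in SLASH_LOOKALIKES})
    if not found:
        return None
    return {"real_host": host, "userinfo": userinfo, "lookalikes": found}


# URL from the report, with U+2215 written as an escape for visibility.
REPORTED_URL = ("https://download.kde.org\u2215stable\u2215krita"
                "\u22155.1.5\u2215@kritax64515.zip")

if __name__ == "__main__":
    print(check_userinfo(REPORTED_URL))
```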