Hyperlinks

Discussion in 'other security issues & news' started by BoaterDave, Oct 25, 2006.

Thread Status:
Not open for further replies.
  1. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Hi - it's been a while since I've been here so apologies in advance if errors are made :rolleyes:

    Many websites, email messages and Newsgroup posts contain Hyperlinks. Human nature being what it is, one tends (against good security practise!) to simply click on these links. :oops:

    o_O Two questions:

    1. Can something be embedded in a hyperlink itself which, once 'clicked', might be the cause of 'infection' of ones PC with malware ?

    2. Is there any way that a 'third party' (perhaps a Tojan within or via it's base controller) could interfere with a link innocently posted in messages so that, instead of being directed to a bona fide site, one might end up on, say, an 'infected' web site which looks just like the 'real McCoy' - a Spoof site in other words?

    Thank you to anyone who can alay my fears and doubts! ;)

    David
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Hello,
    Link by itself cannot do much, unless it is a very very long string which contains a large section of code. And then, the code must actually be able to do something.
    Normally, standard links alone are nothing more but a piece of information that tells your browser where to look for data that you want to see. Once the webpage at the desired address is being displayed, if malicious code is included in the webpage, it could potentially cause harm.
    HTML is static. Scripts are dynamic. If you disable scripts, there is very little chance of harm.
    Spoofing sites is also done via scripts. This means that if you do not allow malicious scripts to run, they will not be able to masquerade the "evil" site.
    Another option is for a site to get hacked. But in that case, you cannot know the difference. Still, you should use scripts, even for trusted sites, with care. And preferably run a browser that is more robust, that is - not IE.
    Anyhow, you should be always careful what you do.
    Mrk
     
  3. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Your reply is much appreciated, Mrkvonic. :thumb:

    Thank you.

    David
     
Thread Status:
Not open for further replies.