"Mailto:" and Other URI Threats May Target Everyone


If you've been smirking because of the latest security problems coming out of Redmond, such as the Windows XP+IE7+Adobe Acrobat/Reader threat I discussed last week in Didn't Ask for That PDF File? Watch Out!, it may be time to sober up. According to PCWorld.com on Saturday, URI-handling problems like Mailto: are also likely to exist in Windows' biggest rivals: Mac OS X and Linux.

URI 101

So, what's a URI? URI is short for "Uniform Resource Identifier." A URI identifies a point of content on the Internet, such as a web page (also known as a URL), an email address, a Telnet server, and so forth (see this PC Magazine page for a list of the most common URI schemes). Of course, URIs are used inside of web browsers, but many other applications handle them too: email clients, word processing programs used as email editors, Adobe Acrobat and Adobe Reader are just a few of the applications that can interact with the mailto: URI, for example. Until now, Microsoft's attitude has been that applications that interact with URIs should be responsible for checking for threats, but that attitude is changing, as evidenced by last week's security advisory: Microsoft has now decided that it's up to the operating system to keep an eye on applications' use of URIs.
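The application-side checking described above can be done before a URI is ever handed to the operating system's protocol handler. The following is an added example, not code from the original article or from any vendor; the scheme allowlist, the conservative address pattern and the `check_uri` name are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed policy for this example: only these schemes are passed on to the OS.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
# Conservative address pattern (an assumption, stricter than the mail RFCs).
ADDRESS = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
# A '%' that is not followed by two hex digits is not a valid escape.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Characters RFC 3986 does not allow unescaped: controls, space, quotes, etc.
UNSAFE_CHARS = re.compile(r"[\x00-\x20\x7f\"<>\\^`{|}]")


def check_uri(uri):
    """Return (ok, reason) for a URI an application is about to open."""
    if UNSAFE_CHARS.search(uri):
        return False, "unsafe character"
    if BAD_ESCAPE.search(uri):
        return False, "malformed percent-escape"
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False, "unparseable"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if scheme == "mailto":
        # Validate the decoded recipients, so escapes cannot hide other bytes.
        recipients = unquote(parts.path).split(",")
        if not all(ADDRESS.match(r) for r in recipients):
            return False, "bad mail address"
        return True, "ok"
    if not parts.hostname:
        return False, "missing host"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any advisory.
    for sample in ["mailto:alice@example.com?subject=hello",
                   "mailto:alice@example.com%00.txt",
                   "mailto:test%zz@example.com",
                   "telnet://host.example",
                   "https://example.com/page"]:
        print(sample, "->", check_uri(sample))
```

Rejecting by default and validating the decoded form are the two design choices that matter here: anything the policy does not recognise never reaches the handler.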

All Will Be Revealed... at ToorCon 9!

So, will Linux and Mac OS X be the next under the hammer? Attendees at the ToorCon 9 hacker/security conference in San Diego this week will have front-row seats for the latest word on this topic. The presentation URI Use and Abuse is the place to be to learn about the latest threats to all major players in the operating systems game. If security researchers' suspicions about other operating systems are accurate, it looks as if everyone will be in for a few rounds of software updates.

In the Meantime...

...you know the drill. Hover the mouse over a URL or URI from a suspicious source to find out where it really points, ignore all those dire warnings from "your bank" or from "eBay" that your account's gone down the tubes unless you click now, and, in general: think before you click.

1 Comment


Bin3ry

IE7 offers the ability to report suspicious websites by being on the page. Maybe they should have a way to report just the link in an email. That way you don't have to put yourself in harm's way to report it.

Then again, if you didn't expect an email from someone then you should never open it. I get all kinds of offers from my credit card company through email but I never open one.

Second, if an offer seems too good to be true, then it is. If you didn't enter for a prize then you probably haven't "won" anything but trouble, if you click the link.

edited... I got way off topic there

-Joe-
