HD DVD / Randomness... : Why not use hashes for the Anti-Phishing Filter? - Dave's Blog

Search
My timeline on Mastodon

HD DVD / Randomness... : Why not use hashes for the Anti-Phishing Filter?

2009 Sep 30, 4:07The hashing part makes sense, but not the 'why no URL query' bit: "But because victim=12345 has already been visited they satisfy condition 2 and they get the 404 page fooling them into thinking the site has already been taken down. So query strings don't really work." You could implement the same thing in the path and even were that not the case there's no telling that removing the query would get you the same page. What's described here is a general method to circumvent the AP filter not an explaination as to why it avoids the query portion of the URL.PermalinkCommentsphishing technical web browser http url hash
Creative Commons License Some rights reserved.