> Just a quick OT question. I can understand obfuscating malware > links in order to allow email filters to let messages through > (though we should have all whitelisted the mailing lists we are > on) and I can understand doing it to prevent the inadvertent brain > fail and unintentional click. > > Why is it necessary to do so for Microsoft's update URLs?
For one simple reason: this is a public mailing list, I am a (somewhat) untrusted sender, and I didn't want readers to think that I could be (through html/javascript) redirecting them to "update.microsoft.com.evil.web.site/v6/blah/blah/...". Then again, anyone clicking on links from public mailing lists sent by untrusted senders probably (hopefully??) already turned off html/javascript in their e-mails already. --Keith Keith Young, Security Official Department of Technology Services Montgomery County, Maryland phone - (240) 777-2955 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
