Pidgin

Ticket #4683 (new enhancement)

Opened 3 years ago

Last modified 7 months ago

Security: Check href & body parts of links

Reported by: neomenlo Owned by:
Milestone: Plugin Suggested Component: plugins
Version: 2.3.1 Keywords: security, links, url, virus
Cc:

Description

Many viruses spread by IM use deceptive URLs to trick the victim to click them.

For example, I received an IM, but I copy and pasted the location and noticed the discrepancy. The link in blue said something like:
http://photobucket.com/numbers/number.jpg
When the URL (href) went to:
http://otherwebsite.com/something.com

1: The URLs do not match

I would like to see pidgin automatically check if the urls are different, and warn the user that the link is high risk and deceptive. However, a few links are sent with a completely different body by wrapping a few words with a url.

2: The url leads to an executable

I don't think I've ever seen an executable transfered via IM protocol. So, links to executables should also bring up a warning dialog telling the risks.

Change History

Changed 2 years ago by deryni

  • milestone set to Plugin Suggested

This sounds like a very good plugin idea to me. Especially because the criteria for what should and should not trigger the warning can be variable in different scenarios.

Changed 20 months ago by lschiere

  • owner lschiere deleted

Changed 7 months ago by rekkanoryo

  • component changed from unclassified to plugins
Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!