undefined | Better HN

0 pointsyonatan80703y ago0 comments

This is my primary gripe with this whole thread, in most cases where abc.zip would become a link, you could just as well hyperlink it to anything, like in an email, a web page, or a markdown document

0 comments

2 comments · 1 top-level

kpw943y ago· 1 in thread

The difference is the malicious actor and the email sender don't have to be the same person.

A malicious user can craft an email "this is [abc.zip](http://very-bad-website)". Ok nothing new here.

But a non-malicious, who's emailing their mom: "I've attached abc.zip" (and put a abc.zip as attachment).

Here the problem here is a malicious other user has registered abc.zip to download a virus, and the mom's email client highlight abc.zip, and she clicks on it instead of the abc.zip attachment.

reqrbHVPetKGE573y ago

Yes, auto-vivification of links is bad.

j / k navigate · click thread line to collapse