provided by: 
Originally published at Internet.comBy Razvan Peteanu for SecurityPortal -----------------------------------
About Schemes and Men
Recently, many smiled and Microsoft got angry at a spoof of its Knowledge Base articles posted on a URL starting with "http://www.microsoft.com." Emails went around and people clicked on the link, possibly before looking closer at it. Surprised by the content, they may have checked the URL again, noticing the other "www"-like string in it and figured out it must have something to do with the real host; forwarded the email to friends and then returned to their work.
Today we will look closer at URLs and the associated security implications. "Interesting" ways of using them have been known by spammers for a while, but now the KB spoof and the February issue of Crypto-Gram have made the Internet community more aware of what URLs can do.
Although most Internet users will associate URLs with WWW addresses, or perhaps FTP, Uniform Resource Locators are more general in scope. URLs are standardized in RFC1738, and in their most generic form, they are defined as
:
The best-known scheme is the Common Internet, in which the is the name of a protocol and the is defined as: //:...
Read article at Internet.com site