Content Checks: Detected HTML-specific exploits in h8AGGVSe016972
Mariano Absatz
mailscanner at LISTS.COM.AR
Thu Sep 11 15:34:47 IST 2003
On 11 Sep 2003 at 9:08, mikea wrote:
> > > I suggest you don't paste html into email messages :)
> > Spoken like a true technician!
He sure did!
>
> There are some HTML thingies (to use a Perlism) that can invoke
> arbitrary programs; these include the ones caught by the "dangerous
> HTML content" rules. But as far as I can see, they're only dangerous
> if you're running a mailer that is stupid enough to let them do these
> things -- e.g., Outlook, Outlook Express, and their ilk. A friend came
> up with a statement that describes the behavior of these mailers very
> exactly:
>
> If books were designed by Microsoft, the Anarchist's
> Cookbook would explode when you read it.
>
> -- Mark W. Schumann
Loved this quote... I just added it to my file of auto-added quotes for my
signature (if you or Mark Schumann don't oppose)
:-)
>
> To the best of my knowledge, other mailers (e.g., Eudora, Lotus Notes,
> etc.) don't do this, and so it may be less unsafe -- but still not
> necessarily *safe* -- to let these HTML thingies through if you can be
> sure that the MUA is not Outlook or Outlook Express.
The point is that the more stubborn and mindless the user, the higher the
probability that (s)he _demands_ to use OE 'cause (s)he is used to it and it
is _definitely_ better to his/her mind... what's more, for sure (s)he has OE
configured to use HTML by default with a 50Kb gif as background
:-(
--
Mariano Absatz
El Baby
----------------------------------------------------------
It's hard to be humble when you're perfect.