Content Checks: Detected HTML-specific exploits in h8AGGVSe016972

Mariano Absatz mailscanner at LISTS.COM.AR
Thu Sep 11 15:34:47 IST 2003


On 11 Sep 2003 at 9:08, mikea wrote:

> > > I suggest you don't paste html into email messages :)
> > Spoken like a true technician!
He sure did!

> 
> There are some HTML thingies (to use a Perlism) that can invoke
> arbitrary programs; these include the ones caught by the "dangerous
> HTML content" rules. But as far as I can see, they're only dangerous
> if you're running a mailer that is stupid enough to let them do these
> things -- e.g., Outlook, Outlook Express, and their ilk. A friend came
> up with a statement that describes the behavior of these mailers very
> exactly:
> 
>         If books were designed by Microsoft, the Anarchist's
>         Cookbook would explode when you read it.
> 
>                         -- Mark W. Schumann
Loved this quote... I just added it to my file of auto-added quotes for my 
signature (if you or Mark Schumann don't oppose)
:-)

> 
> To the best of my knowledge, other mailers (e.g., Eudora, Lotus Notes,
> etc.) don't do this, and so it may be less unsafe -- but still not
> necessarily *safe* -- to let these HTML thingies through if you can be
> sure that the MUA is not Outlook or Outlook Express.
The point is that the more stubborn and mindless the user, the higher the 
probability that (s)he _demands_ to use OE 'cause (s)he is used to it and it 
is _definitely_ better to his/her mind... what's more, for sure (s)he has OE 
configured to use HTML by default with a 50Kb gif as background
:-(


--
Mariano Absatz
El Baby
----------------------------------------------------------
It's hard to be humble when you're perfect.



