[Esd-l] FW: [BT] NOT GOOD: Outlook Express 6 + Internet
Sergio P. Cesar
sergio at winc.net
Mon Apr 5 08:36:18 PDT 2004
> Does anyone else find this troubling?
> This details a method for delivering hazardous e-mail content in a
> way that would not be trapped by the sanitizer.
> It looks pretty slick to me. The recipient is presented with a
> harmless looking message and is tricked into clicking on what looks
> to be an innocent link.
> As for defending against this, I think defanging <FORM> tags might be
> appropriate. (IMHO, I can think of no good reason why I need to
> receive an html form by e-mail anyway.) Consequently, I created the
> attached patch against 1.142 which adds <FORM> tags to the list of
> html tags that are defanged (presuming SECURITY_TRUST_HTML is
> undefined). Comments/opinions?
Attached???? I see nothing attached.
> [demime 0.98e removed an attachment of type application/octet-stream which
> had a name of 1.142.patch]
> Esd-l mailing list
> Esd-l at spconnect.com
More information about the esd-l