HTML email (was Re: [LINK] Mozilla - slow progress)

Robin Whittle rw@firstpr.com.au
Fri, 17 Aug 2001 12:39:17 +1000


Rick Welykochy wrote:

> Bah. HTML-email is source of many sploits, esp. on Windows.
> Ban it. Ban it now!

I list quite a few at:

  http://www.firstpr.com.au/sys-admin/HTML-email/

A new one is the ability of Javascript to send things to arbitrary port
numbers, and in some cases to get past the browser's filtering of port
numbers by adding 65,536 to the port number.  This is being discussed on
BugTraq at present.  

  http://www.securityfocus.com

It means that HTML mail or web pages could cause machines inside a
firewall to fire stuff at arbitrary ports and to arbitrary machines,
inside or perhaps outside the firewall.  

I guess that with enough of these, you might even be able to focus a
denial of service attack.  

Send out a relatively benign email including some joke or picture of a
favourite celebrity nude.  Better still, contrive a story of private
revelations about an intimate relationship - and everyone and her or his
dog will email it to all their friends and their pets.  Then have a
Javascript thing which sends a lengthy body of stuff to an IP address
based on a DNS name which the perpetrators control.  That DNS entry can
be steered to any IP address at all and the volume of stuff could clog
the link to that machine.

 - Robin
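
The port-filter weakness mentioned in the message above (a blocked port passing the filter once 65,536 is added to it), seen from the defender's side. This is an added example, not part of the original post and not any browser's code; `BLOCKED_PORTS` and every function name are assumptions made for the illustration.

```javascript
// Added illustration. BLOCKED_PORTS and all function names are assumptions
// made for this example, not any browser's actual filter.
const BLOCKED_PORTS = new Set([25, 110, 143]); // constructed sample list

// A TCP port is a 16-bit field, so a larger number wraps modulo 65,536.
function wirePort(requested) {
  return requested & 0xffff;
}

// Flawed order: the blocklist sees the number as written in the URL,
// and truncation to 16 bits happens afterwards.
function naiveAllows(requested) {
  return !BLOCKED_PORTS.has(requested);
}

// Hardened: accept only plain decimal text in 1..65535, so the value that
// is checked is exactly the value that reaches the socket.
function strictAllows(portText) {
  if (!/^[0-9]{1,5}$/.test(portText)) return false;
  const port = Number(portText);
  if (port < 1 || port > 65535) return false;
  return !BLOCKED_PORTS.has(port);
}

// Compare both filters for a list of port strings.
function audit(portTexts) {
  return portTexts.map((text) => {
    const requested = Number(text);
    return {
      text,
      wire: wirePort(requested),
      naive: naiveAllows(requested),
      strict: strictAllows(text),
      // true when the naive filter passes a port that lands on a blocked one
      bypass: naiveAllows(requested) && BLOCKED_PORTS.has(wirePort(requested)),
    };
  });
}

console.log(audit(["25", "65561", "8080", "65616"]));
```

The `bypass` column is what a filter regression test should assert is never true: the check has to run on the value after range validation, not on the raw number.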