HTML email (was Re: [LINK] Mozilla - slow progress)
Fri, 17 Aug 2001 12:39:17 +1000
Rick Welykochy wrote:
> Bah. HTML-email is source of many sploits, esp. on Windows.
> Ban it. Ban it now!
I list quite a few at:
numbers, and in some cases to get past the browser's filtering of port
numbers by adding 65,536 to the port number. This is being discussed on
BugTraq at present.
It means that HTML mail or web pages could cause machines inside a
firewall to fire stuff at arbitrary ports and to arbitrary machines,
inside or perhaps outside the firewall.
I guess that with enough of these, you might even be able to focus a
denial of service attack.
Send out a relatively benign email including some joke or picture of a
favourite celebrity nude. Better still, contrive a story of private
revelations about an intimate relationship - and everyone and her or his
dog will email it to all their friends and their pets. Then have a
based on a DNS name which the perpetrators control. That DNS entry can
be steered to any IP address at all and the volume of stuff could clog
the link to that machine.
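
An added example, not part of the original message: a C sketch of how a port filter can be passed by adding 65,536 to the port number, next to a hardened check. The blocklist contents and the function names `weak_port` and `strict_port` are assumptions made for illustration, not code from any browser or mail client.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample blocklist (assumption): ports a client refuses to contact. */
static const long BLOCKED[] = {25, 110, 143};
#define NBLOCKED (sizeof BLOCKED / sizeof BLOCKED[0])

static int is_blocked(long port) {
    for (size_t i = 0; i < NBLOCKED; i++)
        if (BLOCKED[i] == port) return 1;
    return 0;
}

/* Weak: the blocklist sees the number as written, but the socket layer
   only keeps 16 bits. Returns the port actually used, or -1 if refused. */
int weak_port(const char *text) {
    long n = strtol(text, NULL, 10);
    if (is_blocked(n)) return -1;
    return (uint16_t)n;            /* 65561 narrows to 25 after the check */
}

/* Hardened: strict decimal parse, range check, then blocklist on the
   value that will really be used. Returns the port, or -1 if refused. */
int strict_port(const char *text) {
    char *end;
    errno = 0;
    long n = strtol(text, &end, 10);
    if (errno || end == text || *end != '\0') return -1;  /* not a clean number */
    if (n < 1 || n > 65535) return -1;                    /* outside 16-bit range */
    if (is_blocked(n)) return -1;
    return (int)n;
}

int main(void) {
    /* Constructed inputs: a blocked port, the same port plus 65536, a normal port. */
    const char *samples[] = {"25", "65561", "8080"};
    for (size_t i = 0; i < 3; i++)
        printf("%-6s weak=%d strict=%d\n", samples[i],
               weak_port(samples[i]), strict_port(samples[i]));
    return 0;
}
```

The hardened version rejects the out-of-range value before any narrowing happens, so the blocklist and the connection always see the same number.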