AW: annoying HTML postings
Fraser, Colin J
Colin.Fraser at scottishpower.plc.uk
Wed May 26 16:58:03 CEST 1999
> -----Original Message-----
> From: mbartkow at ET.PUT.Poznan.PL [mailto:mbartkow at ET.PUT.Poznan.PL]
> Sent: 26 May 1999 13:53
> To: synth-diy at mailhost.bpa.nl
> Subject: RE: AW: annoying HTML postings
>
> Unfortunatelly, sending as HTML increases the risk. Viruses
> may have a form
> of JavaScript and Java programs embeded in HTML documents.
> HTML-based readers
> attempt to execute them. Microsoft products are configured by
> default to run
> the scripts without warning. I know, what I am saying, I have
> already seen
> two examples of such behavior.
> In its assumptions, Java is thought of as a "safe" scripting
> language, i.e.
> the script is not allowed to write to disk etc. But it is not
> realized in
> MS's implementation. Under Win95/98 there is enough security
> holes to be
> completey unsafe. Be warned.
Have you seen any examples of a virus that can embed malicious Java in HTML
mail produced by an e-mail application that has an option to send mail in
HTML format ?
This is a different and more complicated process than embedding a nasty
applet in a web page.
Extrapolating vulnerabilities in web browsing infected HTML to the
possibility of getting a virus from HTML formatted mail is a big leap.
If you're worried about Java virii, then you should stop surfing the web now
and worry about HTML e-mail Java attacks later.
IMO Anyone who doesn't take regular system backups and run up-to-date virus
software is asking for trouble anyway.
Can we talk synths now ?
Colin f
More information about the Synth-diy
mailing list