AW: annoying HTML postings
mbartkow at ET.PUT.Poznan.PL
mbartkow at ET.PUT.Poznan.PL
Thu May 27 18:39:35 CEST 1999
Colin F. wrote:
> Have you seen any examples of a virus that can embed malicious Java in HTML
> mail produced by an e-mail application that has an option to send mail in
> HTML format ?
> This is a different and more complicated process than embedding a nasty
> applet in a web page.
> Extrapolating vulnerabilities in web browsing infected HTML to the
> possibility of getting a virus from HTML formatted mail is a big leap.
To be honest, I have *only* seen a nasty Java applet embeded into E-mail,
that completely wiped out recipient's mailbox and address book. That's
enough for me to believe such thingy might modify the operation of a
mail program and cause to be included in each outgoing E-mail. Many
contemporary applications are built in a form of some core and scripts
performing the external tasks. Most of current WinWord is written in its
own WordBasic, for example. Nothing wrong with it, but it is easy to
modify its operation by altering those scripts.
> If you're worried about Java virii, then you should stop surfing the web now
> and worry about HTML e-mail Java attacks later.
I don't, since I have Java permamently switched off in my Netscape browser.
> IMO Anyone who doesn't take regular system backups and run up-to-date virus
> software is asking for trouble anyway.
Right, but this only prevents from attack consequences, not from the attacks
themselves.
> Can we talk synths now ?
I promise to do so in my next posting in order not to mess threads up.
regards,
m.b.
More information about the Synth-diy
mailing list