Jargons of Info Tech industry

Paul Rubin http
Fri Oct 14 09:47:43 EDT 2005


Tim Tyler <tim at tt1lock.org> writes:
> Are there any examples of HTML email causing security problems - outside
> of Microsoft's software?

There was a pretty good one that went something like

  Click this link to download latest security patch!
   <a href=http://www.mxxxxxx.com.....>Microsoft Security Center</a>

where "mxxxxxx" is "microsoft" with the letter "i" replaced by some
exotic Unicode character that looks exactly like an ASCII "i" in normal
screen fonts.  The attacker had of course registered that domain and
put evil stuff there.

> Not so: you disable Java, Javascript and plugins.  You leave the ability 
> to format, colour and hint documents.  This is not /that/ difficult.

Don't forget disabling Unicode.  

What happens if you have a <meta redirect=....> tag in the HTML email
that tries to redirect the browser to some other URL?
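
A mail filter can check for both issues raised above before the message is rendered. The following is an added example, not part of the original post: it flags link hosts that mix Latin letters with another script and collects meta refresh tags. The sample message and its `example` domains are constructed, and the meta check assumes the standard `http-equiv="refresh"` form.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

def script_of(ch):
    # Rough script label: first word of the Unicode name (LATIN, CYRILLIC, ...)
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(host):
    """Return a finding dict if the host contains non-ASCII characters."""
    if host.isascii():
        return None
    scripts = sorted({script_of(c) for c in host if c.isalpha()})
    try:
        wire = host.encode("idna").decode("ascii")  # form actually sent to DNS
    except UnicodeError:
        wire = None                                 # not a valid IDNA name
    return {"host": host, "scripts": scripts,
            "punycode": wire, "mixed": len(scripts) > 1}

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []       # suspicious <a href> hosts
        self.meta_refresh = []   # content of <meta http-equiv=refresh> tags

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            host = urlsplit(a["href"]).hostname
            finding = inspect_host(host) if host else None
            if finding:
                self.findings.append(finding)
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.meta_refresh.append(a.get("content") or "")

def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings, parser.meta_refresh

# Constructed sample: \u0430 is CYRILLIC SMALL LETTER A, visually like Latin "a".
SAMPLE = ('<meta http-equiv="refresh" content="0; url=http://other.example/">'
          '<a href="http://www.ex\u0430mple.com/patch">Example Security Center</a>'
          '<a href="http://www.example.com/">plain ASCII link</a>')

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Showing the `punycode` value to the reader in place of the rendered host makes the lookalike visible without disabling Unicode entirely.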



More information about the Python-list mailing list