[thelist] RE: Email confirmation: HTML or Plain Text?

ANDREA STREIGHT astreight at msn.com
Wed Nov 10 23:12:35 CST 2004

>From today's US-CERT Cyber Security Alert:

"By convincing a user to view a specially crafted HTML document
   (e.g., a web page or an HTML email message), an attacker could
   execute arbitrary code with the privileges of the user. The
   attacker could also cause IE (or any program that hosts the
   WebBrowser ActiveX control) to crash.

   Reports indicate that this vulnerability is being exploited by
   malicious code propagated via email. When a user clicks on a URL in
   a malicious email message, IE opens and displays an HTML document
   that exploits the vulnerability. This malicious code may be
   referred to as MyDoom.{AG,AH,AI} or Bofra."

US-CERT recommends you send Plain Text Emails to clients and not HTML.

I'm convinced.

Steven Streight
Web Usability Analyst/Web Artist
astreight at msn.com
vaspersthegrate at yahoo.com

More information about the thelist mailing list