[thelist] RE: Email confirmation: HTML or Plain Text?
ANDREA STREIGHT
astreight at msn.com
Wed Nov 10 23:12:35 CST 2004
>From today's US-CERT Cyber Security Alert:
"By convincing a user to view a specially crafted HTML document
(e.g., a web page or an HTML email message), an attacker could
execute arbitrary code with the privileges of the user. The
attacker could also cause IE (or any program that hosts the
WebBrowser ActiveX control) to crash.
Reports indicate that this vulnerability is being exploited by
malicious code propagated via email. When a user clicks on a URL in
a malicious email message, IE opens and displays an HTML document
that exploits the vulnerability. This malicious code may be
referred to as MyDoom.{AG,AH,AI} or Bofra."
US-CERT recommends you send Plain Text Emails to clients and not HTML.
I'm convinced.
Steven Streight
Web Usability Analyst/Web Artist
astreight at msn.com
vaspersthegrate at yahoo.com
www.vaspersthegrate.blogspot.com
www.streightsite.blogspot.com
www.arttestexplosion.blogspot.com
More information about the thelist
mailing list