Re: Hotmail security hole - injecting JavaScript using <IMG

To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject: Re: Hotmail security hole - injecting JavaScript using <IMG
From: ck@xxxxxx
Date: Fri, 7 Jan 2000 10:58:58 +0100
Approved-by: aleph1@SECURITYFOCUS.COM
Delivered-to: bugtraq@lists.securityfocus.com
Delivered-to: BUGTRAQ@SECURITYFOCUS.COM
Reply-to: ck@xxxxxx
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>

On Wed, 5 Jan 2000 11:37:49 +0100, Henri Torgemane wrote:
>> What could be useful would be a tag working like
>> <blockscript key=randompieceofdata>
>>
>> </blockscript key=samepieceofdata>
This would just try to fix one of the symptoms. Something more
fundamentally
is wrong: Data and executable code do not belong together. Violation of
this brought us macro viruses, HTML e-mail that steals passwords, trojans,
etc.

Carsten Kuckuk (only speaking for himself)

Prev by Date: Re: CuteFTP saved password 'encryption' weakness
Next by Date: Re: Announcement: Solaris loadable kernel module backdoor
Previous by thread: Re: Hotmail security hole - injecting JavaScript using <IMG
Next by thread: Re: Hotmail security hole - injecting JavaScript using <IMG LOWSR C="javascript:....">
Index(es):
- Date
- Thread