[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri Mar 3 22:52:36 2006
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Using domain whois information for fun and
profit
Steven Rakick wrote:
>Let me ask you something.
>
>If I send an email to full disclosure with cookie
>theft JS in the body of my message and some Fucktard
>email reader executes it, would you blame Mailman or
>the Fucktard email reader?
>
>
>
Bad example.
Mail routing programs are supposed to be liberal in their acceptance of
body content because there are all kinds of valid uses of that type of
content allowable in e-mail. The same is not the case for whois
output. Whois output is not, by design, supposed to contain script as
far as I'm aware.
-bkfsec
Powered by blists - more mailing lists