| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: secsquirrel at lycos.com (security squirrel) Subject: Xmas virus on the cards ? It all sounds very much like he's talking about the renamed html - jpg file on the HTTP server. However they say the following: "To avoid difficulties, firms should check their mail filtering systems to ensure they handle emailed images in the same way as other HTML traffic, and should also educate users about this issue." This indicates that the Mail filtering system should be handling the renamed image file. Which logically should also mean that the renamed image file is in the email. >In short, when IE is NOT given any other hints as to the type of content of >a particular link - that is, the link does not come from <A IMG...> or an >HTML email message with MIME type information in it, but simply is pointed >right at http://foo.com/I_am_not_really_an_image.JPG - IE will evaluate the >header bytes of the object, a la the UNIX "file" command, and if it is one >of I think 28 formats that IE can puzzle out, IE will "helpfully" launch it >with the "correct" handler application. ____________________________________________________________ Free Poetry Contest. Win $10,000. Submit your poem @ Poetry.com! http://ad.doubleclick.net/clk;6750922;3807821;l?http://www.poetry.com/contest/contest.asp?Suite=A59101
Powered by blists - more mailing lists