-----BEGIN PGP SIGNED MESSAGE----- Hello out there, At 14:34 03.01.00 , Georgi Guninski wrote: >Georgi Guninski security advisory #1, 2000 > >Hotmail security hole - injecting JavaScript using <IMG >LOWSRC="javascript:...."> ... >Workaround: Disable JavaScript this is a good security hint - but no workaround for hotmail users. hotmail (perhaps only the MS passport service) needs javascript - without it you only get the following message: Sign In Access Error JavaScript required. The browser that you are using does not support JavaScript, or you may have disabled JavaScript. have secure fun, Shalom dann, NOrbert - -- Norbert Luckhardt http://www.heise.de/ct/Redaktion/nl/ Redaktion c't Tel.: +49 511 5352 - 300 Fax: +49 511 5352 - 417 Helstorfer Str. 7 D-30625 Hannover BBS: +49 511 5352 - 301 -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 iQCVAwUBOHGw3DYMsgdcZ8mpAQFlPwQAooduvRAD24bS85Nh57pUzjQI0ODixpt2 JdZN7LedvWn87ZLDggkQ3c9/NAz7VnPRC40RUjjNWeapED0AMwp+VZdJq3doGOPo LDvmWAQUGX2mWI38rJ196fjlK7mUZoICU/JFDt9gbABF9g/+gk+aXCasmYv+kxqt rFfIU07E5Jc= =WAgc -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:25:45 PDT