Re: Hotmail security hole - injecting JavaScript using <IMG

From: ckat_private
Date: Fri Jan 07 2000 - 01:58:58 PST

Next message: Grahame Bowland: "Re: Hotmail security hole - injecting JavaScript using <IMG"

Previous message: Darren Reed: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
Maybe in reply to: Georgi Guninski: "Hotmail security hole - injecting JavaScript using <IMG"
Next in thread: Grahame Bowland: "Re: Hotmail security hole - injecting JavaScript using <IMG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 5 Jan 2000 11:37:49 +0100, Henri Torgemane wrote:
>> What could be useful would be a tag working like
>> <blockscript key=randompieceofdata>
>>
>> </blockscript key=samepieceofdata>
This would just try to fix one of the symptoms. Something more
fundamentally
is wrong: Data and executable code do not belong together. Violation of
this brought us macro viruses, HTML e-mail that steals passwords, trojans,
etc.

Carsten Kuckuk (only speaking for himself)

Next message: Grahame Bowland: "Re: Hotmail security hole - injecting JavaScript using <IMG"
Previous message: Darren Reed: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
Maybe in reply to: Georgi Guninski: "Hotmail security hole - injecting JavaScript using <IMG"
Next in thread: Grahame Bowland: "Re: Hotmail security hole - injecting JavaScript using <IMG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:05 PDT