RE: The Dangers of Email Archives

From: Tim Hollebeek (thollebeekat_private)
Date: Thu Oct 25 2001 - 10:33:57 PDT


    > While this product itself doesn't have a hole in it, it is often used
    > to help to translate mail for other archiving software. I've seen in
    > some examples that email was translated with this tool and archived
    > with other software, and html tags were translated/executed as normal.
    
    There are lots of reasonably similar flaws.  I scared the ****
    out of myself when I got a javascript error while reading the
    Nimda analysis posted to securityfocus.com.
    
    Parts were generated by just putting <pre> around the relevant
    code from Nimda, but IE is more than happy to interpret <script>
    within <pre>, which caused me to worry that the securityfocus.com
    page had been rewritten by Nimda, until I looked a bit closer.
    
    Be very, very careful how you deal with converting text to html and back.
    
    Tim Hollebeek
    Research Scientist
    Cigital Labs
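
The failure described in the message above, as an added example that is not part of the original post: unescaped text wrapped in `<pre>` still parses as markup, while escaped text round-trips back to the original. The sample message and all function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a plain-text message that quotes script markup.
SAMPLE = 'Quoted code follows:\n<script>alert("x")</script>\nwhere a < b & c.'


def naive_pre(text: str) -> str:
    """The flawed conversion: wrap raw text in <pre> with no escaping."""
    return "<pre>" + text + "</pre>"


def safe_pre(text: str) -> str:
    """Escape &, <, > and quotes first, so the text stays text."""
    return "<pre>" + html.escape(text, quote=True) + "</pre>"


class _Audit(HTMLParser):
    """Records every element the parser sees and the text it recovers."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def audit(markup: str):
    """Return (elements found, text content) for a generated fragment."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, "".join(parser.text)


def is_faithful(text: str, markup: str) -> bool:
    """True only if the markup is one <pre> whose text equals the input."""
    tags, recovered = audit(markup)
    return tags == ["pre"] and recovered == text


if __name__ == "__main__":
    print("naive:", audit(naive_pre(SAMPLE))[0], is_faithful(SAMPLE, naive_pre(SAMPLE)))
    print("safe: ", audit(safe_pre(SAMPLE))[0], is_faithful(SAMPLE, safe_pre(SAMPLE)))
```

Running `is_faithful` over generated archive pages is a cheap regression check for a text-to-HTML converter: any element other than the wrapper means message content was treated as markup.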
    



    This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 11:56:12 PDT