At 03:45 PM 5/30/00 +0200, Mikael Olsson wrote:
>Well, one thing we should have learned from the recent Web-based
>E-mail filtering failures (Hotmail has received most coverage,
>but the same problems apply to all of them), is that it is near
>impossible for a firewall to filter active content. There's always
>some new way of injecting scripts in an HTML document.
>
>So, in light of that, I think that all network filters, be it
>SPFs or proxies, should be considered to have no protection
>against embedded active content.
It's worse than that - remember, nobody filters SSL traffic. Firewall
active content filters only work if the attacker is cooperative :-)
-Rick
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
