I will be brief. There is a rather lame/concerning technique, most of you know about, that allows JavaScript to be executed upon visiting an image file. This issue is not due to some browser error, although clearly IE has some issues with it, but it is due to web applications not sanitizing user supplied content in a form of links.
I will skip the rest for those who are not interested in this topic. Those who are interested can check this post: http://www.gnucitizen.org/blog/backdooring-images BIDs worth checking out: * http://www.securityfocus.com/bid/3693 * http://www.securityfocus.com/bid/3116 This technique, although not as robust as the QuickTime flow, can be used to write worms for Bulletin Boards, Blogs, Wikis and other types of web systems. I conducted a small survey, which I am not going to disclose, showing quite concerning figures. Has anyone experienced these types of worms yet? -- pdp (architect) | petko d. petkov http://www.gnucitizen.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/