A user received an email that purports to come from one of our customers with the instructions:
"Click the securedoc.html attachment to open (view) the secure message. For best results, save the file first and open it from the saved location using a Web browser." My email system, very sensibly stripped and quarantined the file, and stored it with a couple of hundred of assorted New Order.zip and payroll report.xls files in the quarantine directory. Opening the file with notepad shows it to be mostly javascript with various references that make it appear to come from the Bank of America. My immediate reaction was unprintable but hell, assuming that it's "real" and that's not certain yet, these people want me to let users open any HTML web page that floats into their inbox? This has got to be a gift from the gods if you are up to mischief - just email everyone a securedoc.html file and they will open it and enter their password ... which javascript (love that stuff) will promptly send to the web site of your choice. Spearfishing is this easy? Edmund Cramp - google.com/+edmundcramp -- I am a drinker with writing problems. Brendan Behan _______________________________________________ General mailing list General@brlug.net http://brlug.net/mailman/listinfo/general_brlug.net
