On 2/10/01 11:18 PM, "J C Lawrence" <[EMAIL PROTECTED]> wrote:
> There are two particular dangers with HTML email (if assuming no
> other attachment types):
>
> 1) Privacy loss, for instance via a bug image referenced by the
> HTML on a foreign site (ie they get to track who reads the
> message, where, etc).
>
> 2) The ability for the HTML to invoke executable content
> stored on remote systems (eg a mislabelled link).
Yup. But I think it's safe to assume that any user reading HTML email also
is reading HTML off of web sites, and if they're willing to accept those
risks by going to web sites, the risks are no different from HTML-enabled
mail lists. I don't see the need to be MORE secure than other things they
accept as standard usage of the net -- I do see the need to be AS secure,
and to be as secure as I can be without gutting functionality. Zero risk
systems generally have little gain -- it's like investments. If you're
completely risk-averse, you'll never get rich or go broke.
So I don't want to be 100% risk-averse -- I think it's important to manage
that risk, but I don't see that it's an advantage to try to avoid things
where stuff MIGHT happen just because it might, unless the results are
catastrophic (and viruses are by definition catastrophic. Pixel-trackers are
annoying, but also a general fact of life today, and not catastrophic or
destructive).
--
Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
[<[EMAIL PROTECTED]> = <[EMAIL PROTECTED]> = <[EMAIL PROTECTED]>]
Yes, yes, I've finally finished my home page. Lucky you.
"When his IQ reaches 50, he should sell."
