Correction:

On Tue, Dec 15, 2009 at 3:57 PM, Lisa Kachold <lisakach...@obnosis.com> wrote:

> Here's a couple of better dissections of the subject:
>
> http://knol.google.com/k/a-short-history-of-cross-site-scripting-viruses-worms#
>
> And this CSRF gmail hack (still possible in the wild I believe):
> http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/

That one was patched, this one is still active:
http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=215800241

> On Tue, Dec 15, 2009 at 3:23 PM, Lisa Kachold <lisakach...@obnosis.com> wrote:
>
>> On Tue, Dec 15, 2009 at 8:21 AM, Austin William Wright <
>> diamondma...@users.sourceforge.net> wrote:
>>
>>> Lisa Kachold wrote:
>>> >
>>> > On Tue, Dec 15, 2009 at 8:00 AM, JD Austin <j...@twingeckos.com
>>> > <mailto:j...@twingeckos.com>> wrote:
>>> >
>>> >     I always send both... It's 2009, plain text was out in 1985 :)
>>> >
>>> > And html allows you to send the gift that keeps on "giving":
>>> > http://www.technicalinfo.net/papers/CSS.html
>>> Except XSS is specific to HTTP or Javascript, not strictly HTML. Email
>>> clients (with exceptions, old versions of Outlook for one example)
>>> usually either cannot load external content or won't do it without
>>> permission.
>>>
>> Correct, which is the subject of this thread!
>>
>> I must send out my Xmas card How to this year again.....
>>
>> --
>> Skype: (623)239-3392
>> AT&T: (503)754-4452
>> www.it-clowns.com
>> Only the dead have seen the end of war. -Plato
>
> --
> Skype: (623)239-3392
> AT&T: (503)754-4452
> www.it-clowns.com
> Only the dead have seen the end of war. -Plato

--
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
Only the dead have seen the end of war. -Plato
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss