Hello Marck,

On Mon, 12 Jul 2004 09:55:41 +0100 GMT (12/07/2004, 15:55 +0700 GMT), Marck D Pearlstone wrote:

MDP> Lesse ... setting aside the issue of mail server access, TB connects
MDP> to a fixed, named server under your control to fetch smileys, rogues
MDP> and PGP keys administrated by a responsible administrator. The name
MDP> of the rogue may be specifiable by the sender, but the source is
MDP> not. Exploitable? Not from where I'm looking at it.

A spammer sends a mail that triggers the download to millions of TB users. They all connect to the same site, a DDoS attack. Maybe not, because they won't connect all at the same time. But the millions of TB users may not be so unrealistic in the future.

Or how about this: A spammer uploads a pic that has code in it. When it is downloaded, an automatic message with the email address, rogue-code, and shoe size will be sent to the spammer. The one who downloaded it will be flooded with ads for shoes.

Or, the domain is redirected by a hacker. Instead of downloading a roguemoticon, the user downloads malware. Every time he looks at any picture, his credit card details are sent to the malware author and the fridge stops working.

MDP> It seems pretty clear to me. OE = full sender control. TB = full
MDP> user control. TB wins! (as usual).

A bit simple (highly unusual for you). (don't hit me)

--
Cheers,
Thomas.

Moderator of the German The Bat! Beginner List.

Baseball is 90% mental; the other half is physical. (Yogi Berra)

Message reply created with The Bat! 2.12 RC/3
under Chinese Windows 98 4.10 Build 2222 A
using a Pentium P4 1.7 GHz, 256MB RAM

________________________________________________________
Current beta is v2.12 RC/1 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first -
http://www.ritlabs.com/en/partners/testers/
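
The "sender picks the name, not the source" design from the quoted text, together with a check against the redirected-domain scenario raised in the reply, as an added example that is not part of the original message and not The Bat!'s own code. The origin `rogues.example.invalid`, the name pattern and the digest manifest are assumptions made for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Hypothetical values for illustration; not The Bat!'s real configuration.
FIXED_ORIGIN = "https://rogues.example.invalid"
NAME_RE = re.compile(r"[a-z0-9_-]{1,32}")

# Constructed sample: the digest an administrator would publish per approved image.
SAMPLE_IMAGE = b"\x89PNG\r\n\x1a\n constructed sample bytes"
MANIFEST = {"grin": hashlib.sha256(SAMPLE_IMAGE).hexdigest()}


def resolve(sender_name: str) -> str:
    """Map a sender-supplied name to a URL on the fixed origin, or raise."""
    name = sender_name.strip().lower()
    # The sender controls only this token, so it must not be able to carry
    # a path, a host, a query string or a scheme.
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"rejected name: {sender_name!r}")
    if name not in MANIFEST:
        raise ValueError(f"not an administrator-approved name: {name!r}")
    url = f"{FIXED_ORIGIN}/rogues/{name}.png"
    # Defence in depth: the finished URL must still point at the fixed origin.
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}" != FIXED_ORIGIN:
        raise ValueError("origin changed")
    return url


def accept(name: str, body: bytes) -> bool:
    """Accept downloaded bytes only if they match the published digest.

    If the domain is redirected, the substituted file fails this check
    regardless of which server answered the request.
    """
    expected = MANIFEST.get(name)
    return expected is not None and hashlib.sha256(body).hexdigest() == expected
```

The digest check only helps if the manifest reaches the client over a channel the redirect cannot also tamper with, for example shipped with the client or signed by the administrator.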