On 05 February 2005, 12:52, Alexander S. Kunz wrote: >> External images can be used for malevolent purposes. For example, as >> web beacons to track your usage, or for spammers to verify your e-mail >> address. So, yes, displaying html images direct from the web in e-mail >> can hurt.
> This is a privacy, not a security issue. For that very reason the wish to > add a sender to a list of "trusted senders" from whom remote images are > allowed exists. Or a simple menu entry "download images now". ~~~ FWIW, I didn't claim it to be either a security or a privacy issue - just something that I don't want. However, there are known security issues with html images that can cause buffer overruns and, in the right (or should that be wrong!) circumstances, give an attacker control over your computer. AFAICT, the attack works because an external resource (which may be an image) has a specifically-formatted URL. I've lost count of the number of "security updates" that MS has issued to plug such holes that wouldn't exist if MS MUAs behaved like TB with respect to external resources. HTH, -- Geoff Lane Cornwall, UK -- Using The Bat! v1.62i on Windows XP 5.1 Build 2600 Service Pack 1 eschew obfuscation. ________________________________________________ Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
