Hello Geoff Lane & everyone else,

on 05-Feb-2005 at 14:15 you (Geoff Lane) wrote:

> FWIW, I didn't claim it to be either a security or a privacy issue -
> just something that I don't want.

Neither do I, but it doesn't disqualify HTML email as a whole.

> However, there are known security issues with html images that can
> cause buffer overruns and, in the right (or should that be wrong!)
> circumstances, give an attacker control over your computer. AFAICT,
> the attack works because an external resource (which may be an image)
> has a specifically-formatted URL. I've lost count of the number of
> "security updates" that MS has issued to plug such holes that wouldn't
> exist if MS MUAs behaved like TB with respect to external resources.

But it doesn't disqualify HTML email either just because one or the other
programmer screwed up and built code vulnerable to attacks. I have trust in
RITlabs to make their code as best as possible.

As for pictures with malformed headers that cause buffer overflows and
allow code injection, maybe you're safe if those are remote images, but if
you get the images as an attachment it'll get you anyway. :)

-- 
Best regards,
 Alexander (http://www.neurowerx.de - ICQ 238153981)

I'd probably be famous now if I wasn't such a good waitress. -- Jane
Siberry


________________________________________________
Current version is 3.0.1.33 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
