Subject: | |
From: | |
Reply To: | |
Date: | Mon, 28 May 2001 14:40:31 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Cleo,
Language=NOHTML only deletes HTML if there is a plain text attachment with
the post.
If you read the links in my original post then you realize that a poster
with malicious intent can create an HTML format email message that could do
anything that they wanted to a recipient's computer. A few of the things
that could be done are:
o reformatting your hard drive,
o flashing your bios,
o cause physical damage by, for instance, changing hardware registers to
make your CPU processor melt.
An enormous number of computers could be destroyed before Anti-Virus vendors
responded with updated AV definitions. It is quite easy to create a payload
that could not be detected by a moderator but be armed when distributed
through the list. Target attacks could be directed to specific individuals,
employees of a specific company, or those residing in a specific country.
I am not exaggerating the danger that could be hiding in any HTML format
email message.
Jim
-----Original Message-----
From: LISTSERV list owners' forum
[mailto:[log in to unmask]]On Behalf Of Scout
Sent: Monday, May 28, 2001 1:38 PM
To: [log in to unmask]
Subject: Re: HTML posts make LISTSERV lists a soft target for hackers
On 28 May 2001, at 11:35, Jim Walker wrote:
> My post was to try to get LSOFT to feel our pain and change
> language=NOHTML to respect list owners intent.
thought it did? I'd rather it be a set command.. so it would be to the
subscriber's intenet... or at least as much as non-complaint email programs
allow.
...Cleo [log in to unmask]
|
|
|