Re: Hotmail security hole - injecting JavaScript using <IMG

Subject: Re: Hotmail security hole - injecting JavaScript using From: ckRIB.DE
Date: Fri Jan 07 2000 - 03:58:58 CST

• Next message: Thompson, Zach, CPG: "Re: Netscape Communicator 4.7 exploit [NT/win2k]."
• Previous message: Darren Reed: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
• Maybe reply: ckRIB.DE: "Re: Hotmail security hole - injecting JavaScript using <IMG"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 5 Jan 2000 11:37:49 +0100, Henri Torgemane wrote:
>> What could be useful would be a tag working like
>> <blockscript key=randompieceofdata>
>>
>> </blockscript key=samepieceofdata>
This would just try to fix one of the symptoms. Something more
fundamentally
is wrong: Data and executable code do not belong together. Violation of
this brought us macro viruses, HTML e-mail that steals passwords, trojans,
etc.

Carsten Kuckuk (only speaking for himself)

• Next message: Thompson, Zach, CPG: "Re: Netscape Communicator 4.7 exploit [NT/win2k]."
• Previous message: Darren Reed: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
• Maybe reply: ckRIB.DE: "Re: Hotmail security hole - injecting JavaScript using <IMG"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Fri Jan 07 2000 - 12:57:51 CST