Correction:

On Tue, Dec 15, 2009 at 3:57 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
Here's a couple of better dissections of the subject:

http://knol.google.com/k/a-short-history-of-cross-site-scripting-viruses-worms#

And this CSRF Gmail hack (still possible in the wild I believe): http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/
That one was patched, this one is still active:

http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=215800241


On Tue, Dec 15, 2009 at 3:23 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:


On Tue, Dec 15, 2009 at 8:21 AM, Austin William Wright <diamondmagic@users.sourceforge.net> wrote:
Lisa Kachold wrote:
>
> On Tue, Dec 15, 2009 at 8:00 AM, JD Austin <jd@twingeckos.com
> <mailto:jd@twingeckos.com>> wrote:
>
>     I always send both...  It's 2009, plain text was out in 1985 :)
>
>
> And html allows you to send the gift that keeps on "giving":
> http://www.technicalinfo.net/papers/CSS.html
Except XSS is specific to HTTP or Javascript, not strictly HTML. Email
clients (with exceptions, old versions of Outlook for one example)
usually either cannot load external content or won't do it without
permission.

Correct, which is the subject of this thread!

I must send out my Xmas card How to this year again.....

--
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
Only the dead have seen the end of war. -Plato