Re: [fw-wiz] HTML Emails and Firewall Security
From: Gary Flynn (flynngn_at_jmu.edu)
Date: 07/31/03
- Previous message: Paul Robertson: "Re: [fw-wiz] Public conferences"
- In reply to: Ron Suarez: "[fw-wiz] HTML Emails and Firewall Security"
- Next in thread: Paul Robertson: "Re: [fw-wiz] HTML Emails and Firewall Security"
- Reply: Paul Robertson: "Re: [fw-wiz] HTML Emails and Firewall Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 07:59:12 -0400
Ron Suarez wrote:
>
> I'm curious how many of you also see this as a threat to your network and
> also filter out html emails?
Assuming that the email is read by a client with no defects that
doesn't process active content (cough, cough) there is still the
privacy/surveillance issue.
Consider if your email to the list was HTML and contained a link to
an image. When read with Microsoft's clients, web clients, and Navigator
in certain configurations, my computer would go fetch the link and
give you my IP address even if I don't reply to your e-mail. If I
forward the message, you'll have a trail of who I forwarded it too.
Nice recon tool in unNATed environments if you're looking for the
desktop IP addresses used by specific individuals or roles.
That said, we have no plans to ban HTML email.
-- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Paul Robertson: "Re: [fw-wiz] Public conferences"
- In reply to: Ron Suarez: "[fw-wiz] HTML Emails and Firewall Security"
- Next in thread: Paul Robertson: "Re: [fw-wiz] HTML Emails and Firewall Security"
- Reply: Paul Robertson: "Re: [fw-wiz] HTML Emails and Firewall Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
