Re: [fw-wiz] HTML Emails and Firewall Security

From: Fabio Pietrosanti (naif) (fabio_at_pietrosanti.it)
Date: 08/01/03

  • Next message: Irwin Lazar: "RE: [fw-wiz] Gartner on "Deep Packet Inspection"" 
    To: firewall-wizards@honor.icsalabs.com
Date: Fri, 1 Aug 2003 12:05:43 +0200

    Unfortunatelly the Microsoft way of "securing" application often fails:

    http://lists.insecure.org/lists/bugtraq/2003/Jul/0058.html

    And they are not going to fix it.

    On Wed, Jul 30, 2003 at 09:41:50PM -0400, Bill Royds wrote:
    > The new Microsoft Outlook client has several levels of HTML filtering from
    > text only to "html only with no images or script or other links" to html
    > with no script but with embedded images to full blown HTML. The second level
    > (HTML formatting for text but no other HTML) is probably the best for most
    > users. It allows some structure in a message (heading, italic, bold,
    > tabular data) to help convey information in a more readable fashion than
    > plain text, but limits the effects of scripts or web bugs. 

    --
Fabio Pietrosanti ( naif )
E-mail: fabio@pietrosanti.it - naif@sikurezza.org
PGP Key available on my homepage: http://fabio.pietrosanti.it/
--
Security is a state of being, not a state of budget. rfp 
--
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Irwin Lazar: "RE: [fw-wiz] Gartner on "Deep Packet Inspection""