Bugtraq mailing list archives
RE: HTML email "bug", of sorts.
From: "David LeBlanc" <dleblanc () mindspring com>
Date: Sun, 19 Aug 2001 12:39:34 -0700
If you're filtering outbound traffic in a corporate environment (something I'd recommend), it will stop that sort of thing. Additionally, if you're just a normal dial-up user, you can stop it by opening your connection icon, choosing properties, networking, and making sure "File and Printer Sharing for Microsoft Networks" is unchecked, as well as "Client for Microsoft Networks". The first is off by default, the second is enabled by default. If you are a dial-up user, and not on a home LAN, turning off the Workstation service will accomplish the same thing. Additionally, a home user can enable SMB signing, which also defeats the attack. Rolling out SMB signing in a corporate environment is a bit more complicated.
-----Original Message-----
From: thomas.rowe () bankofamerica com
And if you were running WinNT 4 and that referrer pointed to a server advertising a share, NT would send your username and password to try to log you on without your knowledge. It could be grabbed and sent back to your machine, logon, and the attacker would have all rights to your machine and network that the ID you're using has. (As I've mentioned before, MS has known about this hole since before SP2)
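An added example, not part of the original thread: one way to check whether the outbound filtering recommended above is actually in place is to look for SMB sessions leaving the internal network in firewall logs. The key=value log format, the sample lines, and the choice of RFC 1918 ranges as "internal" are assumptions made for this sketch; TCP 139 and 445 are the NetBIOS session and direct-hosted SMB ports.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB
# Assumption: "internal" means the RFC 1918 ranges; adjust to the site's own plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2001-08-19T12:01:07 action=allow proto=tcp src=10.1.4.22 dst=10.1.0.5 dport=445
2001-08-19T12:01:09 action=allow proto=tcp src=10.1.4.22 dst=203.0.113.77 dport=139
2001-08-19T12:01:10 action=deny proto=tcp src=10.1.4.31 dst=198.51.100.9 dport=445
2001-08-19T12:01:12 action=allow proto=tcp src=10.1.4.22 dst=203.0.113.77 dport=80
2001-08-19T12:01:15 action=allow proto=tcp src=10.1.7.3 dst=198.51.100.9 dport=445
garbage line without fields
"""

def parse_line(line):
    """Return the key=value fields of a log line, or None if required keys are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return fields if {"action", "src", "dst", "dport"} <= fields.keys() else None

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def outbound_smb(log_text):
    """Return (allowed, denied) lists of (src, dst, dport) for SMB leaving the internal nets."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        try:
            dport = int(f["dport"])
            leaving = is_internal(f["src"]) and not is_internal(f["dst"])
        except ValueError:
            continue  # skip lines with a bad port or address rather than abort the audit
        if leaving and dport in SMB_PORTS:
            bucket = allowed if f["action"] == "allow" else denied
            bucket.append((f["src"], f["dst"], dport))
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = outbound_smb(SAMPLE_LOG)
    for src, dst, port in allowed:
        print(f"egress filter gap: {src} -> {dst}:{port}")
    print(f"{len(denied)} outbound SMB attempt(s) blocked")
```

Any entry in the allowed list is a host that could still be induced to start an SMB logon against an external server; entries in the denied list show the filter doing its job and identify clients worth checking for the settings described in the message.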