Re: Ilfak's WMF patch v. Microsoft's solution

[Matthew Murphy <mattmurphy () kc rr com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Richard M. Smith wrote:
> Yep, so the bad guys will have to do social engineering to get people click
> on a link to spread a worm.  I wonder then if a <a href=> tag can use a cid:
> URL.  If so, a worm can be self-contained inside of an HTML email message
> and not require an external Web site to operate.   External Web sites can be
> shutdown to stop a spreading worm.  A self-contained worm OTOH is harder to
> stop. 

At least in Outlook and Outlook Express, a link cannot reference a cid:
URI.  That's because links aren't displayed in the message pane, so they
have no concept of Content-ID headers.  In my testing, attempting to use
a cid: link fires up IE with a bizarre (non-working) URL like:

    mhtml:mid://nnnnnnnnn!cid:...

I don't think it's possible for a worm on this issue to be
fully-automated even to the extent that opening an e-mail could trigger
an infection.  Some clients are obviously a different story, but
Outlook/Outlook Express can't be infected automatically.

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDubHWfp4vUrVETTgRA1DeAJ9suWw8wW8p0X65mecIb3k1sYYp2wCgh+FD
DGx8iauKajwuLwP5PjgOZo0=
=Mwsg
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.