funsec mailing list archives
Re: Ilfak's WMF patch v. Microsoft's solution
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Mon, 02 Jan 2006 17:05:58 -0600
Richard M. Smith wrote:
> Yep, so the bad guys will have to do social engineering to get people to click on a link to spread a worm. I wonder then if an <a href=> tag can use a cid: URL. If so, a worm can be self-contained inside of an HTML email message and not require an external Web site to operate. External Web sites can be shut down to stop a spreading worm. A self-contained worm OTOH is harder to stop.
At least in Outlook and Outlook Express, a link cannot reference a cid: URI. That's because links aren't displayed in the message pane, so they have no concept of Content-ID headers. In my testing, attempting to use a cid: link fires up IE with a bizarre (non-working) URL like:

mhtml:mid://nnnnnnnnn!cid:...

I don't think it's possible for a worm on this issue to be fully-automated even to the extent that opening an e-mail could trigger an infection. Some clients are obviously a different story, but Outlook/Outlook Express can't be infected automatically.

--
"Social Darwinism: Try to make something idiot-proof, nature will provide you with a better idiot." -- Michael Holstein
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
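A gateway-side check for the distinction discussed in this message, as an added example that is not part of the original post: it parses a MIME message and reports every cid: reference in the HTML body, separating embedded resources (src) from clickable links (a href) and resolving each to the attached part's content type. The sample message and the names CidRefs and audit_cid_refs are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message (not taken from the thread).
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<img src="cid:logo@example"><a href="cid:doc@example">open</a>
--b1
Content-Type: image/png
Content-ID: <logo@example>

(constructed placeholder body)
--b1
Content-Type: application/octet-stream
Content-ID: <doc@example>

(constructed placeholder body)
--b1--
"""

class CidRefs(HTMLParser):
    """Collect (tag, attribute, content-id) for every cid: URI in href/src."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value and value.strip().lower().startswith("cid:"):
                self.refs.append((tag, name, value.strip()[4:]))

def audit_cid_refs(raw):
    """Return one finding per cid: reference; target_type is None if no part matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts, refs = {}, []
    for part in msg.walk():
        cid = part.get("Content-ID")
        if cid:
            parts[str(cid).strip().strip("<>")] = part.get_content_type()
        if part.get_content_type() == "text/html":
            parser = CidRefs()
            parser.feed(part.get_content())
            refs.extend(parser.refs)
    return [{"tag": t, "attr": a, "cid": c, "target_type": parts.get(c),
             "is_link": t == "a" and a == "href"} for t, a, c in refs]
```

A finding with is_link set is the case raised in the quoted question: an anchor pointing at a part carried inside the message rather than at an external site.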