Here's a couple of better dissections of the subject:
http://knol.google.com/k/a-short-history-of-cross-site-scripting-viruses-worms#

And this CSRF gmail hack (still possible in the wild I believe):
http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/

On Tue, Dec 15, 2009 at 3:23 PM, Lisa Kachold wrote:

> On Tue, Dec 15, 2009 at 8:21 AM, Austin William Wright <diamondmagic@users.sourceforge.net> wrote:
>
>> Lisa Kachold wrote:
>> >
>> > On Tue, Dec 15, 2009 at 8:00 AM, JD Austin wrote:
>> >
>> >     I always send both... It's 2009, plain text was out in 1985 :)
>> >
>> > And html allows you to send the gift that keeps on "giving":
>> > http://www.technicalinfo.net/papers/CSS.html
>> Except XSS is specific to HTTP or Javascript, not strictly HTML. Email
>> clients (with exceptions, old versions of Outlook for one example)
>> usually either cannot load external content or won't do it without
>> permission.
>>
> Correct, which is the subject of this thread!
>
> I must send out my Xmas card How to this year again.....
>
> --
> Skype: (623)239-3392
> AT&T: (503)754-4452
> www.it-clowns.com
> Only the dead have seen the end of war. -Plato

--
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
Only the dead have seen the end of war. -Plato