Correction:

On Tue, Dec 15, 2009 at 3:57 PM, Lisa Kachold wrote:

> Here's a couple of better dissections of the subject:
>
> http://knol.google.com/k/a-short-history-of-cross-site-scripting-viruses-worms#
>
> And this CSRF gmail hack (still possible in the wild I believe):
> http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/

That one was patched, this one is still active:
http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=215800241

> On Tue, Dec 15, 2009 at 3:23 PM, Lisa Kachold wrote:
>
>> On Tue, Dec 15, 2009 at 8:21 AM, Austin William Wright <diamondmagic@users.sourceforge.net> wrote:
>>
>>> Lisa Kachold wrote:
>>> >
>>> > On Tue, Dec 15, 2009 at 8:00 AM, JD Austin wrote:
>>> >
>>> > I always send both... It's 2009, plain text was out in 1985 :)
>>> >
>>> > And html allows you to send the gift that keeps on "giving":
>>> > http://www.technicalinfo.net/papers/CSS.html
>>> Except XSS is specific to HTTP or Javascript, not strictly HTML. Email
>>> clients (with exceptions, old versions of Outlook for one example)
>>> usually either cannot load external content or won't do it without
>>> permission.
>>>
>> Correct, which is the subject of this thread!
>>
>> I must send out my Xmas card How to this year again.....
>>
>> --
>> Skype: (623)239-3392
>> AT&T: (503)754-4452
>> www.it-clowns.com
>> Only the dead have seen the end of war. -Plato