Here's a couple of better dissections of the subject:
http://knol.google.com/k/a-short-history-of-cross-site-scripting-viruses-worms#
And this CSRF Gmail hack (still possible in the wild, I believe):
http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/
On Tue, Dec 15, 2009 at 3:23 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
>
>
> On Tue, Dec 15, 2009 at 8:21 AM, Austin William Wright <diamondmagic@users.sourceforge.net> wrote:
>
>> Lisa Kachold wrote:
>> >
>> > On Tue, Dec 15, 2009 at 8:00 AM, JD Austin <jd@twingeckos.com> wrote:
>> >
>> > I always send both... It's 2009, plain text was out in 1985 :)
>> >
>> >
>> > And html allows you to send the gift that keeps on "giving":
>> > http://www.technicalinfo.net/papers/CSS.html
>> Except XSS is specific to HTTP or JavaScript, not strictly HTML. Email
>> clients (with exceptions, old versions of Outlook for one example)
>> usually either cannot load external content or won't do it without
>> permission.
>>
> Correct, which is the subject of this thread!
>
> I must send out my Xmas card How to this year again.....
>
>>
>> --
> Skype: (623)239-3392
> AT&T: (503)754-4452
> www.it-clowns.com
> Only the dead have seen the end of war. -Plato
>
--
Skype: (623)239-3392
AT&T: (503)754-4452
www.it-clowns.com
Only the dead have seen the end of war. -Plato
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss