No subject


Thu Jan 15 19:51:16 MST 2009


HTML (javascript) in email can be used for harmful intent:

1) XSS tunneling
2) URI encoding crafted info/scripts
3) Virus [Microsoft]
4) Worms [RPC]

Most of these issues are trivially scrubbed with clamav (daily updated signatures based on reported virus), spamassassin on the MTA (sendmail, exim, postmaster, commercial versions of mail daemons) on both the sending and receiving side along with 2 tons of spam.

Surfing to Facebook, Myspace, YouTube, Flickr, and other sites that accept user submitted content is also dangerous. Surfing (or accessing IRC) from root or another escalated permission user is doubly foolhardy.

Using older Firefox, RealPlayer, Adobe Flash, opening PDFs and displaying jpgs (all graphics are executable - like PDFs - which can trivially be integrated with scripts) are also dangerous.

From my way of thinking, that's pretty much everything, therefore the only defense is to run the most recently patched Browser, use a mail and attachment scanner or web based portal (like Gmail) and access mail from a non production system,

http://wiki.obnosis.com | http://hackfest.obnosis.com | http://nuke.obnosis.com
PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM


Date: Thu, 29 Jan 2009 08:45:04 -0700
Subject: Re: OT: HTML Emails -- Re: Other than frys where would you get server hardware
From: lthielster at gmail.com
To: plug-discuss at lists.plug.phoenix.az.us

On Thu, Jan 29, 2009 at 7:31 AM, Judd Pickell <pickell at gmail.com> wrote:

> Not everyone wants to have to change a setting while just trying to view their emails. Although to be fair I use gmail so I don't have to be concerned about it. But I am sure there are people on this list still using Pine or equiv, since that is and can be done via commandline like ssh from a phone.

Maybe those folks should just go back to using carrier pigeons.  Alternatives could include changing to using an email client that would support THEIR need to block or convert HTML to text.  Expecting the rest of the world to change to do what they want is just wrong and ain't gonna happen.

> I am curious, how many truly html based emails do we get on this list? I would think lately we may be receiving more, given the link structures in some emails; so maybe it is a concern now?

I don't know but I did change to using plain text for some time because of the desires of certain people here.  The loss of functionality was bothersome so I finally switched back to the rich text mode of gmail.

I do understand that html CAN be used for harmful intent but then what can't?  If you want to fear technology, don't use it!

> Sincerely,
> Judd
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

-- 
Man is the only animal that laughs and weeps, for he is the only animal that is struck with the difference between what things are and what they ought to be.

  - William Hazlitt
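
An added example, not part of the original thread: one way a mail reader or gateway could do the "block or convert HTML to text" step discussed above, using only the Python standard library. The names `TextOnly`, `render_plain` and `SAMPLE` are hypothetical, and the sample message is constructed.

```python
import email
from email import policy
from html.parser import HTMLParser

class TextOnly(HTMLParser):
    """Collect visible text, skip <script>/<style> bodies, record active content."""
    def __init__(self):
        super().__init__()
        self.out, self.findings, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):  # event handlers: onload, onclick, ...
                self.findings.append(f"{tag}[{name}]")
            elif name in ("href", "src") and \
                    (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}[{name}=javascript:]")
        if tag in ("br", "p", "div"):
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.out.append(data)

def render_plain(raw: bytes):
    """Return (text, findings); prefer the text/plain part, else strip the HTML."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text, findings = "", []
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        parser = TextOnly()
        parser.feed(html_part.get_content())  # decodes quoted-printable + charset
        parser.close()
        text, findings = "".join(parser.out), parser.findings
    plain_part = msg.get_body(preferencelist=("plain",))
    if plain_part is not None:
        text = plain_part.get_content()
    return text.strip(), findings

# Constructed sample: HTML-only, quoted-printable, with a soft line break ("=\r\n").
SAMPLE = (b'MIME-Version: 1.0\r\nContent-Type: multipart/alternative; boundary="b1"\r\n\r\n'
          b'--b1\r\nContent-Type: text/html; charset="Windows-1252"\r\n'
          b'Content-Transfer-Encoding: quoted-printable\r\n\r\n'
          b'<body onload=3D"x()">Hi=2C list<br><script>x()</script>=\r\n'
          b'<a href=3D"javascript:x()">link</a></body>\r\n--b1--\r\n')
```

The findings list is a triage signal for quarantine or logging, not a sanitizer; the returned text is what gets displayed.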

