[WikiEN-l] Re: About copyright violations
Richard Grevers
lists at dramatic.co.nz
Thu Jul 31 01:01:58 UTC 2003
On Wed, 30 Jul 2003 17:06:28 -0700, Delirium <delirium at rufus.d2g.com> gave
utterance to the following:
> Vicki Rosenzweig wrote:
>
>> What's wrong with HTML is
>>
>> * It can contain viruses, tracking software, and other malware (as
>> explained in the message you're replying to)
>> * It enforces the appearance of a message on the reader, whether
>> she likes it or not (sometimes things like black on dark blue)
>> * It takes up a lot more space, which is a problem for people on
>> dialup lines or with space-limited mailboxes.
>
> I don't see how an HTML message could possibly contain a virus, unless
> you have a horribly broken mailreader.
80% of PC users have a horribly broken mailreader - it comes with their OS.
I can recall an instance of a Chinese fireworks website where there were
two thumbnail images on a page of about 20 where clicking the thumbnail
served not a jpg image but a vbs scripted virus or bomb. While IE blindly
trusts the extension rather than checking the MIME type as per the
standard, both Opera and Mozilla simply reported that they could not open
the resource. Fortunately the computer I was using when I tried it in IE
was not my work one, because the C: drive had to be wiped and the OS
reinstalled from scratch. And the nasty got straight past an up-to-date AV
program.
If such an image was called from an email, you could be toast if using
client which uses IE as its HTML renderer, without a single click. The
vulnerability has probably been patched by now (but who knows, there are
still unpatched vulnerabilities published 18 months ago) and how many
people have their OS fully patched.
As a result, I do not have vbs or activeX installed on my computers any
more.
--
Richard Grevers
Atheism is a non-prophet organization
More information about the WikiEN-l
mailing list