[WikiEN-l] Re: About copyright violations

Richard Grevers lists at dramatic.co.nz
Thu Jul 31 01:01:58 UTC 2003


On Wed, 30 Jul 2003 17:06:28 -0700, Delirium <delirium at rufus.d2g.com> gave 
utterance to the following:

> Vicki Rosenzweig wrote:
>
>> What's wrong with HTML is
>>
>> * It can contain viruses, tracking software, and other malware (as
>> explained in the message you're replying to)
>> * It enforces the appearance of a message on the reader, whether
>> she likes it or not (sometimes things like black on dark blue)
>> * It takes up a lot more space, which is a problem for people on
>> dialup lines or with space-limited mailboxes.
>
> I don't see how an HTML message could possibly contain a virus, unless 
> you have a horribly broken mailreader.
80% of PC users have a horribly broken mailreader - it comes with their OS.

I can recall an instance of a Chinese fireworks website where there were 
two thumbnail images on a page of about 20 where clicking the thumbnail 
served not a jpg image but a vbs scripted virus or bomb. While IE blindly 
trusts the extension rather than checking the MIME type as per the 
standard, both Opera and Mozilla simply reported that they could not open 
the resource. Fortunately the computer I was using when I tried it in IE 
was not my work one, because the C: drive had to be wiped and the OS 
reinstalled from scratch. And the nasty got straight past an up-to-date AV 
program.
If such an image was called from an email, you could be toast if using 
client which uses IE as its HTML renderer, without a single click. The 
vulnerability has probably been patched by now (but who knows, there are 
still unpatched vulnerabilities published 18 months ago) and how many 
people have their OS fully patched.
As a result, I do not have vbs or activeX installed on my computers any 
more.
-- 
Richard Grevers
Atheism is a non-prophet organization






More information about the WikiEN-l mailing list