
Re: about the new 1.0.1 installer update disk

To: linux-xfs@xxxxxxxxxxx
Subject: Re: about the new 1.0.1 installer update disk
From: Andrew Klaassen <ak@xxxxxxx>
Date: Wed, 25 Jul 2001 22:07:32 -0400
In-reply-to: <996108761.23081.17.camel@tduffy-lnx.afara.com>
Mail-followup-to: linux-xfs@xxxxxxxxxxx
References: <200107251930.EAA25532@user4.orgio.net> <3B5F5386.83A0B0B7@idcomm.com> <996108761.23081.17.camel@tduffy-lnx.afara.com>
Sender: owner-linux-xfs@xxxxxxxxxxx
User-agent: Mutt/1.3.18i
On Wed, Jul 25, 2001 at 05:52:41PM -0700, Thomas Duffy wrote:

> if you look at the source of the email, it has two urls
> embedded in it...

There was an interesting attack described on BugTraq recently in
which the possibility of embedding a link in an email image tag
to anything you've got autologin from your browser set up for
was discussed.  The most interesting musing was something like
embedding a "sell stock X" link or the like in an image tag;
you'd simply have to open the email for reading and, if you've
made things more convenient for yourself by having your password
remembered by your browser/email client, the stock would be
sold, without your knowledge or consent (or, for that matter,
the attacker's knowledge).

I've obviously simplified, and I've obviously drifted off topic. 
Those interested might like to check out the full discussion:

http://www.securityfocus.com/templates/archive.pike?list=1&mid=191390

Andrew Klaassen
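
The risk described in this message comes from the mail client fetching a URL simply because the message is rendered. As an added example (not part of the original post), the Python below lists the URLs an HTML e-mail body would request automatically on display, so a filter or client can block or strip them. The attribute list, function names and sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that cause a fetch on render, with no click needed.
# Assumed, non-exhaustive list for this example.
AUTO_FETCH = {("img", "src"), ("img", "lowsrc"), ("body", "background"),
              ("table", "background"), ("td", "background"),
              ("iframe", "src"), ("embed", "src"), ("input", "src")}


class RemoteFetchFinder(HTMLParser):
    """Collects remote URLs an HTML e-mail would request when displayed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and unescapes values.
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            raw = value.strip()
            url = urlsplit(raw)
            remote = url.scheme.lower() in ("http", "https") or (
                not url.scheme and url.netloc)  # protocol-relative //host/...
            if remote:
                # A query string on an "image" matches the pattern in the post:
                # the fetch carries parameters to a site the reader may be
                # logged in to.
                self.findings.append(
                    {"tag": tag, "url": raw, "has_query": bool(url.query)})


def auto_fetch_urls(html_body):
    """Return every remote URL the message would load without user action."""
    finder = RemoteFetchFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed sample message body (hostnames are placeholders).
SAMPLE = """<html><body>
<p>Quarterly newsletter</p>
<img src="cid:logo@example.invalid">
<IMG SRC="https://broker.example.invalid/trade?action=sell&amp;symbol=X" width=1 height=1>
<a href="https://example.invalid/read-more">read more</a>
</body></html>"""

if __name__ == "__main__":
    for finding in auto_fetch_urls(SAMPLE):
        print(finding)
```

Inline `cid:` attachments and ordinary links are not reported, since neither triggers a network request on display; only the remote image is.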

