[Esd-l] Trapped poisoned Microsoft attachments?
John D. Hardin
jhardin at impsec.org
Sat Feb 15 19:42:28 PST 2003
On Sat, 15 Feb 2003, Scott Taylor wrote:
> >Actually, right now the cause is probably an embedded image or
> >external file reference, for which the default score is 99.
> >
> >There's a config variable for setting the embedded image score, but if
> >the default is too problematic I will dial it back to 20 or so.
> >
> >Comments?
>
> Yeah, I think 99 is a little high for an embedded image, but a
> good number for an external file reference.
I may try to distinguish between a local reference and a URL.
However, there are two completely separate attacks here. The first is
a privacy attack through embedding a web bug, and the second is a file
theft attack through embedding a link to a local file, then convincing
the recipient to send the document back once the file has been
copied into the document.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
96 days until The Matrix Reloaded
More information about the esd-l
mailing list