Date: 12/14/97 10:02:42 PM From: Pauline van Winsen - Uniq Professional Services Subject: BoS: [SAGE-AU] food for thought.... was Re: Squid are a firewall proxy? To: (""@LOCAL) oops - violated another sage-au unwritten law - never follow-up your own post. can i have another can of spam please? 8-) this came through the comp.risks digest & is pertinent to the discussion of the last few days. enjoy. cheers, pauline Pauline van Winsen pauline@uniq.com.au Uniq Professional Services Pty Ltd www.uniq.com.au PO Box 70, Paddington, NSW 2021, (Sydney) Australia Phone: +61-2-9380-6360 Fax: +61-2-9380-6416 Pager: 016 287 000 "The ultimate goal of most girls is usually marriage rather than a continued career in the business world." Choosing a Girl's Career - Book 8, Woman's World, circa 1964. ------------------------------ Date: 28 Nov 1997 03:21:42 GMT From: "braz" Subject: Beware of HTML Mail Approved: darrenr@cyber.com.au X-Originally-To: To: sage-au@sage-au.org.au X-Originated-From: From: Pauline van Winsen - Uniq Professional Services I received a spam mail today that was rather sinister. Many spams that I receive request that you click on the hyperlink to go to their site. This one, however, was much different. I am running IE4.0, and I simply highlighted the new message in my mailbox, and clicked on the subject to read it. It immediately downloaded and initialized a java applet that took control of my browser, opened a session to their site as I sat in amazement. I then quickly (out of fear) stopped the connection to that site, went back to the mail message and viewed the source to see what was in it. Here is the first few lines of the mail - I numbered the lines so they won't be interpreted as HTML/E-mail here: 1. 2. 3. webtour 4. 5. 6. 12. (line 12 repeated for various links at their site) I never really cared much about the spam I received, because it was really non-intrusive for the most part. This, however, was scary. It took control of my IE4 Browser, and forced me to their site. Who knows what the sites web pages do if you let it run its course. Net users, beware. The risks of simply receiving spam have just skyrocketed. Turn off auto-preview mode, and look at the *source* of the message prior to opening the mail item. I never cared about this before, but I really feel violated in some weird electronic sense. Tom Brazil ------------------------------ Date: Sat, 29 Nov 1997 22:56:20 -0500 From: Navindra Umanee Subject: Beware of HTML Mail Approved: darrenr@cyber.com.au X-Originally-To: To: sage-au@sage-au.org.au X-Originated-From: From: Pauline van Winsen - Uniq Professional Services I had a little chuckle when I first read Tom Brazil's little "incident" with HTML mail and Microsoft software. Surely, such a silly thing could not possibly happen to *me* on my relatively secure Linux system. Unfortunately, the exact same thing *did* happen to me and it was quite a sobering experience. Like Tom, I killed Communicator and investigated the matter. My Mail User Agent on Linux is Mutt 0.76 but the *real* culprit was a neat little entry in my ~/.mailcap, text/html; netscape -remote 'openURL(%s)' This was triggered by my MUA on finding "Content-type: text/html" in the headers of the spam mail. Fortunately, the solution in Linux is simple: Remove all such dangerous entries from ~/.mailcap and /etc/mailcap (the latter, incidentally, is maintained automatically by my Debian GNU/Linux system and had the text-browser lynx as the entry for content-type text/html). The risk? Feeling too secure and thinking that it could never happen to you... Navin ---------------------------------------------------------------------