It opens a new browser window to http://images.free4all.com/pop.html and
then changes focus back to the window you were originally in.
----- Original Message -----
From: "Tim Ault" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Wednesday, October 31, 2001 10:47 AM
Subject: E-mail shenanigans
Take a gander at the following code.
I c&p'd it from an HTML-formatted message.
Tell me what it does (then I'll tell you if you are correct).
<SCRIPT language=JavaScript>
<!--
window.open('http://images.free4all.com/pop.html','').blur();
window.focus();
-->
</SCRIPT>
Apart from being really annoying, the obvious risk is that the site that is
opened might contain malicious code that could exploit vulnerabilities not
patched on the box that opens to them. I've taken the precursory step of
disabling Scripting: Active Scripting in OL2k. I'm looking thru the
bulletins to make certain our clients are running under all relevant
patches. AV defs are up-to-date at all levels.
What else might those Gnostics in security minutia recommend..?
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
