Tim Tyler <[EMAIL PROTECTED]> writes: > Are there any examples of HTML email causing security problems - outside > of Microsoft's software?
There was a pretty good one that went something like Click this link to download latest security patch! <a href=http://www.mxxxxxx.com.....>Microsoft Security Center</a> where "mxxxxxx" is "microsoft" with the letter "i" replaced by some exotic Unicode character that looks exactly like an ascii "i" in normal screen fonts. The attacker had of course registered that domain and put evil stuff there. > Not so: you disable Java, Javascript and plugins. You leave the ability > to format, colour and hint documents. This is not /that/ difficult. Don't forget disabling Unicode. What happens if you have a <meta redirect=....> tag in the html email that tries to redirect the browser to some other url? -- http://mail.python.org/mailman/listinfo/python-list
