a technique like described below certainly works. there are many ways to get to the source to see what characters are there. the problem, though, is that the cid: entry is followed by a whole bunch of ascii characters that evidently mean more than just their random human readable letters. they don't look like hex. i don't know what they are.
ideas, anyone? stan > The technique for discovering where these references point > depends on your email client. > > You need to save the email to a file on hard disk, > then view it with a text reader. Then just > read the html and you can spot the external references. > > With most 'nixes, you could create a folder, move the > questionable email into it (so that it's isolated from the other > 5 megabytes in your Inbox folder), and navigate into it following > your .Mail or .mail or .Mailbox directory off your roothome (~). > Then open it in vi or whatever. > > If you use outlook by day, then create a new email addressed to > yourself and use the "insert -> item" feature. Once it's in your > inbox, then right click on the attachment, do a "Save As", > name it whatever.txt. Examine it with with notepad. > > Marty > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Turnpike Man > Sent: Thursday, June 03, 2004 12:29 PM > To: Triangle Linux Users Group discussion list > Subject: Re: [TriLUG] destructive spam? > > > slightly better... but without clicking these links, is there any way to > decipher where they are going to take us? > > David M. > > --- [EMAIL PROTECTED] wrote: >> You are familiar with URL's that contain a protocol identifier (http:, > ftp:) >> followed by a host identifier (trilug.org, ftp.ics.uci.edu) followed >> by an object reference (index.html, pub/ietf/uri/rfc2111.txt). >> >> Think of "cid" and "mid:"; as being the URL way to point to an object >> contained within the same MIME-encoded message. >> >> I'd offer an example, but I refuse on principle to create a MIME- >> encoded message. >> >> It tells the HTML-interpreter (which the would-be mark is using to >> read his mail...not that any of us would ever do that...) where to >> find the object it needs to correctly render the HTML page. >> >> I presume that if said HTML-interpreter also has a tendency to >> execute objects it believes to be executable, such a construct >> could be used to cause the execution of code within the local >> context. >> >> Any better? I swear it's all English... >> >> -----Original Message----- >> From: Turnpike Man <[EMAIL PROTECTED]> >> >> > Even after reading, can someone put that in english? thanks! >> > David M. >> > > > > > __________________________________ > Do you Yahoo!? > Friends. Fun. Try the all-new Yahoo! Messenger. > http://messenger.yahoo.com/ > -- > TriLUG mailing list : > http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ > : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc > > -- > TriLUG mailing list : > http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ > : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
