On 10 Feb 2021, at 12:57, Bill Cole wrote:
On 10 Feb 2021, at 11:17, Kris Deugau wrote:
Bill Cole wrote:
On 9 Feb 2021, at 18:37, Kenneth Porter wrote:
<https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/>
I'm reminded of the recent post suggesting that SA parse QR codes
to feed URLs to block lists.
The email includes a web document pretending to be an Excel
document (double extension .xlsx.hTML) that contains a JavaScript
Morse decoder and a string with the URLs encoded in Morse.
I see two ways to block this: 1) MUAs should ignore code in HTML.
All minimally secure MUAs ignore any embedded JavaScript. Any MUA
written in this century that executes JavaScript should itself be
deemed malware.
Thunderbird and Seamonkey both have it supported and enabled out of
the box.
Are you sure that is true today? It was not so for TBird when last I
looked, but that was some years back.
CONFIRMED: SeaMonkey v2.53.6 (latest version) DOES NOT execute
JavaScript in email.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
