Re: HTML-encoded mails
HTML-encoded email can be "dangerous" because HTML can contain code that will make calls, or requests, to an
operating system. The HTML code in an of itself is inocuous because it is mostly a data presentation language that
"beautifies" text; however, the hyperlinks, and references within the presentation code can make requests from your
system or another networked system. If created by a malicious programmer, the HTML can perform undesirable actions.
The reason Microsoft email clients (ie. mail readers) are often cited as being vulnerable is because of the integration of
various scripts that are part of the operating system. These scripts which normally perform useful tasks are usually
resident on a PC - they are not always downloaded with the HTML. Additional scripts that are not part of the OS can be
downloaded too and is very much a part of normal internet browsing these days. The HTML-mail can initiate these
scripts when you open the file or click on hyperlinks in the email, hence the potential danger. An improperly configured
email client that has not been reviewed for its security settings can be problematic.
As far as "idiotic," I'd venture to say needless might be the kinder/gentler adjective.
Regards,
Todd Sherman
President
HistoSoft Corporation
A+, Network+
----------------------------------------------------------------------
Date: 25 Nov 2002 09:46:51 -0600
From: JHoffpa464@aol.com
Subject: Re: HTML-encoded mails
why are they
1. DANGEROUS and
2. IDIOTIC.
???????
----------------------------------------------------------------------
<< Previous Message | Next Message >>