On Fri, 20 Sep 2002, Bjarni R. Einarsson wrote:
> On 2002-09-18, 16:07:13 (+0200), Andrew wrote:
> >
> > telnet: Windows 2000 telnet attempts NTLM authentication (or at
> > least, it did). Network sniffs can be fed to a
> > password cracking program.
> > about: Don't know what this will be doing in mail, and
> > there's some scripting possibilities ..
>
> "about" is already on the list... I don't see the security implications
> of telnet though. How can offering a telnet link be dangerous?
Buffer overflows ? But I _hope_ that's already there.
> > <img src="blah"onmouseover="[code]">
> > <img src="blah>" onmouseover="[code]">
> > &{[code]}; [N4]
>
> I'm gonna have to look into these... :-)
>
> I agree that the most worrying is the "blah>" exploit. That one
> indicates that my parser is broken, and could take some
> head-scratching to fix. Bugger.
This feels like it's just getting too complicated for a security program,
I'm wondering if it might be a good idea for anomy to parse html into a
syntax tree, so you only keep things that you understand, then completely
re-generate the html using only structures you know are safe.
Everything else is assumed to be evil.
--
Rob. (Robert de Bath <robert$ @ debath.co.uk>)
<http://www.cix.co.uk/~mayday>