Compulsory water metering

I don't remember any bug which would run an application by just visiting a page that used that attack method. Didn't the user have to click on the link?

It is irrelevant. There are many applications out there that have or have had bugs in them that allow/allowed people to hijack the machines. html doesn't cause this, bad programming does.

Hadn't pigeons been invented then?

That's what we used inYorkshire, when we weren't racing them.

Mary

No, Mine are just arrogant and well worth reading.

Regards Capitol

Gully Foyle wrote:

Sorry to criticise Jethro, your answer was correct, but in the wrong place.

Regards Capitol

JethroUK© wrote:

Was that to rfc-1149 or to rfc-2549?

You must surely know that Windows uses IE for all HTML rendering, including that found in mail or news. Indeed, Microsoft have claimed that IE was an integral part of W98 and could not be removed.

The point made above is that the user was not offered the choice i.e. that a combination of a benign file description in the header (e.g. 'midi') would cause IE to pass the attachment straight to Windows for execution, even if it was actually an .exe file, and that Windows would execute it unconditionally. There was no need for user intervention, merely displaying the email in OE's preview pane would execute the file.

Since XP SP2, OE will not display graphics in emails by default, but that is a very recent innovation. As far as I know, there are no current bugs in OE which will allow automatic file execution of attachments, but that doesn't mean none will ever be found. You can't execute text.

Already thought of and in use on the internet :-)

Not wishing to be pedantic, but Outlook can certainly display Usenet messages. They are not collected by Outlook but by Exchange, with which Outlook is normally paired in a server-based network.

Certainly it was OE which is responsible for top-posting, due to the nature of many OE users. Outlook is not often used in a domestic environment.

No, the use of pigeons as an underlying physical networking layer wasn't proposed until 1990:

ftp://ftp.rfc-editor.org/in-notes/rfc1149.txt

Like I said bugs exist. There were well known (and exploited) bugs in sendmail but there weren't calls to stop using mail. There were exploited bugs in bind but we still use DNS. Why is a bug in an html processor any different? At least with the html ones there had to be a user unlike the others where no user was required.

I think you are confusing protocols with implimentation which is a bad thing IMO.

You *can* execute text as you have stated previously.

Doh! The cause is irrelevant, the point is that html allows these types of programming errors to be exploited, unlike pure text.

Like I said it isn't html that allowed it in it was a bug.

You don't know that there aren't bugs in readers of plain text that create security holes.

It seems a bit silly to be paranoid about a mark-up language and then still use other applications which aren't bug free (e.g. TCP, mail, widows, Linux, MacOS, etc.). I suggest you stop using the internet as there have been and may well still be bugs in the protocol stacks and applications which could allow harm to machines.

or avin em for uz dinner.

You can use Outlook without using Exchange.

If you do that, then the News component of OE gets used to do that bit.

Did you never do copy con foo.com in DOS?

Admittedly one then had to run foo.com

Owain

I didn't

Mark

You can't remember, as you are senile.

Maxie, Dim Lin, the Oriental enchantress, did not turn dark night into day for you?