On Sunday 22 May 2005 07:28 pm, Peng <[EMAIL PROTECTED]> wrote: > I'm not asking for the list to use HTML. I'm quite happy using plain > text. I was asking why Boyd thought HTML could be a security risk.
1) Parsing HTML adds more places for buffer overflow. Not a huge risk, but it's easier for an attacker to send you mail than it is to get you to visit a webpage. 2) External includes (images, css, etc.) can allow the sender of an HTML email to verify both your email and find a valid IP to add to his "list of systems to probe". [This is less a security risk and more a privacy thing, I suppose.] 3) Scripts, while not enabled on all HTML renders, particularly email readers, execute code on your machine, code you may know nothing about. Sandboxes can be escaped or simply be poorly designed. Keeping your client secured provides protection against 1 and partial protection from 3. Many clients (Kmail and Opera at least) support suppressing external includes preventing 2 from being an issue. AFAIK, no client makes strong attempts to prevent DoS attacks via 3 (though, I have yet to see a DoS attack from that particular source) short of not allowing scripting at all. With non-list mail, you can add sender trust to the equation, which doesn't reduce actual risk, but does add peace of mind. Anyone (including both known and unknown attackers) can join and send mail to most lists, though. I don't think enabling HTML is a big risk. But, the risk does add to the reasons I have for not reading HTML mails. -- Boyd Stephen Smith Jr. [EMAIL PROTECTED] ICQ: 514984 YM/AIM: DaTwinkDaddy -- gentoo-user@gentoo.org mailing list
