Re: URLs hidden in Morse code

On Fri, 12 Feb 2021, Bill Cole wrote: On 12 Feb 2021, at 4:10, Pedro David Marco wrote: On Thursday, February 11, 2021, 09:49:35 PM GMT+1, Bill Cole wrote: Web-based MUAs (SquirrelMail, Horde, GMail, Outlook Web Access, etc.)  brought back some support for JavaScript in mail, but as I un

Re: URLs hidden in Morse code

On 12 Feb 2021, at 4:10, Pedro David Marco wrote: On Thursday, February 11, 2021, 09:49:35 PM GMT+1, Bill Cole wrote: Web-based MUAs (SquirrelMail, Horde, GMail, Outlook Web Access, etc.)  brought back some support for JavaScript in mail, but as I understand some of them do some defanging

Re: URLs hidden in Morse code

On Thursday, February 11, 2021, 09:49:35 PM GMT+1, Bill Cole wrote: >Web-based MUAs (SquirrelMail, Horde, GMail, Outlook Web Access, etc.)  >brought back some support for JavaScript in mail, but as I understand >some of them do some defanging of scripts and the advancement of browser

Re: URLs hidden in Morse code

On 11 Feb 2021, at 10:36, Kris Deugau wrote: After a close look again at Thunderbird I've apparently been misreading one of the about:config flags (javascript.enabled), although if it's not for email HTML rendering I'm not sure what it's used for. Thunderbird will open links in its own windo

Re: URLs hidden in Morse code

Kris Deugau wrote: Thunderbird and Seamonkey both have it supported and enabled out of the box.  I would not be surprised if Outlook did, along with no way to disable it.  Mac Mail probably does, again likely with at best a tedious hassle to disable it.  Windows Mail (AKA "the descendant of Out

Re: URLs hidden in Morse code

On 2/10/2021 11:30 AM, Bill Cole wrote: CONFIRMED: SeaMonkey v2.53.6 (latest version) DOES NOT execute JavaScript in email. I don't think the intent is to run it in the MUA. It's probably distributed as an attachment (ie. inline) to save to disk and be viewed outside the MUA in a normal brow

Re: URLs hidden in Morse code

Kris Deugau schrieb am 10.02.2021 um 17:17: Bill Cole wrote: On 9 Feb 2021, at 18:37, Kenneth Porter wrote: All minimally secure MUAs ignore any embedded JavaScript. Any MUA written in this century that executes JavaScript should itself be deemed malware. Thunderbird and Seamonkey both hav

Re: URLs hidden in Morse code

On 10 Feb 2021, at 12:57, Bill Cole wrote: On 10 Feb 2021, at 11:17, Kris Deugau wrote: Bill Cole wrote: On 9 Feb 2021, at 18:37, Kenneth Porter wrote: I'm reminded of the recent po

Re: URLs hidden in Morse code

On 2/10/21 9:17 AM, Kris Deugau wrote: I would personally class any email with active Javascript as malware - it should never have been supported at all IMO - but the marketing departments have taken charge and I see all too much (ie, more than absolutely none) legitimate mail using it. I'll

Re: URLs hidden in Morse code

On 10 Feb 2021, at 11:17, Kris Deugau wrote: Bill Cole wrote: On 9 Feb 2021, at 18:37, Kenneth Porter wrote: I'm reminded of the recent post suggesting that SA parse QR codes to feed

Re: URLs hidden in Morse code

Bill Cole wrote: On 9 Feb 2021, at 18:37, Kenneth Porter wrote: I'm reminded of the recent post suggesting that SA parse QR codes to feed URLs to block lists. The email includes a

Re: URLs hidden in Morse code

On 9 Feb 2021, at 18:37, Kenneth Porter wrote: I'm reminded of the recent post suggesting that SA parse QR codes to feed URLs to block lists. The email includes a web document pretend

Re: URLs hidden in Morse code

On Tue, 9 Feb 2021, Kenneth Porter wrote: I'm reminded of the recent post suggesting that SA parse QR codes to feed URLs to block lists. The email includes a web document pretending to be an Excel document (double extension .xlsx.hTML) that contains a JavaScript Morse decoder and a string wi

URLs hidden in Morse code

I'm reminded of the recent post suggesting that SA parse QR codes to feed URLs to block lists. The email includes a web document pretending to be an Excel document (double extension .x