On Wed, 31 Aug 2016, Chip M. wrote:
** Mitigation:
The easiest way to catch these is with a simple body word match.
Here's the exact matches I am currently using (some of them are
recent additions, listed in date of addition order):
href="data:
href='data:
http://data:
data:text/html;base64
<IMG src="data:
hta:application
I'll see about getting those into the sandbox.
*** Do any of you HTML gurus have additional suggestions? :)
... a poison-pill rule for < script > tags in email HTML? (only slightly
toungue-in-cheek)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
I'm seriously considering getting one of those bright-orange prison
overalls and stencilling PASSENGER on the back. Along with the paper
slippers, I ought to be able to walk right through security.
-- Brian Kantor in a.s.r
-----------------------------------------------------------------------
253 days since the first successful real return to launch site (SpaceX)
