On Mon, 2006-03-27 at 09:55 -0500, Dan Thurman wrote: > Thanks to all who responded. I guess I am better informed as to why > the default is to disable the images by feature. It is a security > feature to protect us from those who can cull your email address. > > Sigh... too bad. I just did not imagine IMAGES can be used to > circumvent security. Not just privacy, as specifically outlined in the prior messages, but also security: If you opened the image files on a windows client, not only do you risk being spied upon, you risk software exploits that really do expose security flaws. The classic case being HTML mail that has a MIDI file to play in the background, but an executable is sent instead. MIDI files are considered safe, so they're "allowed". Beyond that check, Windows ignores the MIME type description saying it's a MIDI, examines the content to find out what it thinks it is, discovers that it's an executable, then does what it normally does with the type of file that it determines to be - in this case it runs it. The file can be malware but not any virus or trojan that such protective software detects, and can do whatever it damn well pleases on the box. Be grateful that Linux is not Windows, and doesn't try to be. If it did, what would be the point? You might as well use Windows. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
