Re: Evolution: Why are images not displayed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-03-27 at 09:55 -0500, Dan Thurman wrote:
> Thanks to all who responded.  I guess I am better informed as to why
> the default is to disable the images by feature.  It is a security
> feature to protect us from those who can cull your email address.
> 
> Sigh...  too bad.  I just did not imagine IMAGES can be used to
> circumvent security.

Not just privacy, as specifically outlined in the prior messages, but
also security:  If you opened the image files on a windows client, not
only do you risk being spied upon, you risk software exploits that
really do expose security flaws.

The classic case being HTML mail that has a MIDI file to play in the
background, but an executable is sent instead.  MIDI files are
considered safe, so they're "allowed".  Beyond that check, Windows
ignores the MIME type description saying it's a MIDI, examines the
content to find out what it thinks it is, discovers that it's an
executable, then does what it normally does with the type of file that
it determines to be - in this case it runs it.  The file can be malware
but not any virus or trojan that such protective software detects, and
can do whatever it damn well pleases on the box.

Be grateful that Linux is not Windows, and doesn't try to be.  If it
did, what would be the point?  You might as well use Windows.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux