Tim wrote:
On Mon, 2006-03-27 at 09:55 -0500, Dan Thurman wrote:
Thanks to all who responded. I guess I am better informed as to why
the default is to disable the images by feature. It is a security
feature to protect us from those who can cull your email address.
Sigh... too bad. I just did not imagine IMAGES can be used to
circumvent security.
...
The classic case being HTML mail that has a MIDI file to play in the
background, but an executable is sent instead.
And don't forget the (generally buffer-overflow) attacks based on images
of type tiff, pcx, bmp, png, psd, pnm, xwd, jpg, pcx, gif, xpm,
photocd, wmf, pdf, niff, and exif data in types that support exif. These
have all come to light in the last 24 months.
http://secunia.com/search/?search=image
I remember reading that some of these attacks on Windows/Internet
Explorer are very effective.
DaveT.