Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Michal Szokolo (mszkill-spammers.pmp.com.pl)
Date: Sat Jun 23 2001 - 21:02:33 CDT
John Percival wrote:
> I'm going to try and throw another issue into this discussion now too:
> denial of service. We have discussed it for attacking remote servers, but
> not for the client viewing the image. It's something else that I spotted
> while I was playing around with this issue just now.
> If you have images that include a mailto:memy.host.somewhere.com source,
> then the default handler for mailto: links is opened up. Be that Outlook,
> Netscape Composer, Eudora, or whatever else you care to use.
> So if someone embedded 100 (arbitrary figure) mailto: images in a page, then
> this would do a lot of harm to the user's computer. At best, it would get
> very busy for a few minutes creating new emails, and would be a pain to
> clear up. At worst, it could bring the whole system crashing down.
Netscape 4.77 crashes at about 50 such IMG tags, IF they are different
(simply putting mailto:fakeluserfakedomain 100 times won't work (opens
only 2 message windows)), but if you go with some script... instant
crash (try it now free of charge at http://msz.pmp.com.pl/boom/ ;-)).
-- I'm an ugly boy | Nie wchodzic na http://msz.pmp.com.pl/ My face makes you hurl | REKLAMY: I'm a relation | Dla snobow: http://www.filharmonia.pl/ To Frankenstein's creation | Wypij za mnie: http://www.fws.pl/