Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: XSS on Yahoo Mail
From: Lance James (lancejsecurescience.net)
Date: Sun Nov 27 2005 - 17:50:15 CST
alireza hassani wrote:
>--- Will Wesley <willwesleyccnayahoo.de> wrote:
>>Anyway, a solution is really quite simple.
>>Allow users to disable HTML in their email, or why
>not by >default?
>Don't you think this is not a real solution?
>User must be safe to use any option and also full
This HTML stuff should be allowed, but controlled - similar to on blogs.
Unfortunately I have found very bad hole in the compose mail section of
yahoo when HTML is on, but that just means that they should filter
better for HTML features.
>Alireza Hassani (http://www.kapda.ir)
>Yahoo! Music Unlimited
>Access over 1 million songs. Try it free.
Secure Science Corporation
Author of 'Phishing Exposed'
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!