<<< Date Index >>>     <<< Thread Index >>>

Re: XSS on Yahoo Mail



alireza hassani wrote:

>--- Will Wesley <willwesleyccna@xxxxxxxx> wrote:
>  
>
>>Anyway, a solution is really quite simple.
>>Allow users to disable HTML in their email, or why
>>    
>>
>not by >default? 
>
>Don't you think this is not a real solution?
>User must be safe to use any option and also full
>performances.
>  
>

This HTML stuff should be allowed, but controlled - similar to on blogs.
Unfortunately I have found very bad hole in the compose mail section of
yahoo when HTML is on, but that just means that they should filter
better for HTML features.

>Alireza Hassani (http://www.kapda.ir)
>
>
>
>               
>__________________________________ 
>Yahoo! Music Unlimited 
>Access over 1 million songs. Try it free. 
>http://music.yahoo.com/unlimited/
>
>
>  
>


-- 
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!