[94310] in North American Network Operators' Group
HTML email, was Re: Phishing and BGP Blackholing
daemon@ATHENA.MIT.EDU (Travis H.)
Wed Jan 17 20:39:17 2007
Date: Wed, 17 Jan 2007 19:38:14 -0600
From: "Travis H." <travis+ml-nanog@subspacefield.org>
To: nanog@nanog.org
Cc: Mark Foster <blakjak@blakjak.net>, Rich Kulawiec <rsk@gsp.org>
Mail-Followup-To: nanog@nanog.org, Mark Foster <blakjak@blakjak.net>,
Rich Kulawiec <rsk@gsp.org>
In-Reply-To: <20070104000038.GA31249@core.center.osis.gov>
Errors-To: owner-nanog@merit.edu
> If you don't have personal control over the mail system you are using,
> it's possible that you don't have control over whether or not you use
> HTML.
As an armchair security pundit, I think phishing has adequately highlighted
the ability of HTML to mislead, in the sense that its intended recipient is
not a human, and that it has evolved into an unfortunately flexible language
(and extensions) and the browsers are overly forgiving (because syntactically
correct HTML is not really human-writable, either, for the average human who
is tasked with doing so).
So far I haven't seen a persuasive phishing email that wasn't HTML.
The domain name system has enough problems (is mazdausa.com really related
to mazda.com?) without involving javascript and ActiveX, but they could be
corrected with proper education (how about keeping every URL under one
second-level domain related to your company, perhaps companyname.com)
-- 
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>