[13202] in bugtraq

Re: Hotmail security hole - injecting JavaScript using

daemon@ATHENA.MIT.EDU (Norbert Luckhardt)
Tue Jan 4 15:15:56 2000

Message-Id:  <4.2.0.58.20000104103034.00c0e6d0@pop.heise.de>
Date:         Tue, 4 Jan 2000 10:35:40 +0100
Reply-To: Norbert Luckhardt <nl@CT.HEISE.DE>
From: Norbert Luckhardt <nl@CT.HEISE.DE>
X-To:         Georgi Guninski <joro@NAT.BG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3870A555.9B274E86@nat.bg>

-----BEGIN PGP SIGNED MESSAGE-----

Hello out there,

At 14:34 03.01.00 , Georgi Guninski wrote:
>Georgi Guninski security advisory #1, 2000
>
>Hotmail security hole - injecting JavaScript using <IMG
>LOWSRC="javascript:....">
...
>Workaround: Disable JavaScript

This is a good security hint - but no workaround for Hotmail users. Hotmail
(perhaps only the MS Passport service) needs JavaScript - without it you
only get the following message:

Sign In Access Error
JavaScript required. The browser that you are using does not support
JavaScript, or you may have
disabled JavaScript.

have secure fun, Shalom dann,
Norbert

- --
Norbert Luckhardt   http://www.heise.de/ct/Redaktion/nl/
Redaktion c't       Tel.: +49 511 5352 - 300    Fax: +49 511 5352 - 417
Helstorfer Str. 7   D-30625 Hannover            BBS: +49 511 5352 - 301

