[plug] kmail and the gigasecond bug

Bill Kenworthy billk at iinet.net.au
Sat Sep 8 07:27:21 WST 2001


The lynx -dump idea sounds workable.  An alternative is anomy (I find it
excellent) which "defangs" suspect html and scripts amongst other
things, leaving them readable, but no funny buisiness allowed.  That
only leaves those using <flamethrower on>legacy text mail
readers</flamethrower off> :) who have difficulty reading the stuff.
HTML in itself is NOT a security risk, its the use a program may make of
it (like MS does), and no Unix email reader I have used does silly
things like that.

A point I would like to make is there are many good reasons to use html
mail - YOU will be the one missing out if you get too paranoid.  If you
want to risk missing out on that once in a lifetime job offer, go for it
...

Valid uses of html mail I have found are: its great between friends and
family (attach family photos etc) that are unskilled in computer use,
certain mail lists where presentation is important to the sender,  such
as management in many (non-tech) companies where you dont want to be
seen a dinosaur (i.e., incompetant and unable to move with the times!). 
In effect, you know better, but you are competing with those who dont
and will be seen at a disadvantage ...

And dont forget windows seems to default to this, so if you need to read
from unskilled windoze users ...

And Brett, didnt I see somewhere that you said you were using NS 4.6x -
from memory that had some severe security issues with the browser
reading code from websites, I'd suggest you upgrade to the latest 4.7. 
Also RH 6.2 is getting a bit long in the tooth - many gui applications
have moved on and its starting to become impractical to configure it to
run the latest stuff, do yourself a favour and update which will be
better in the long run you will have to do it sooner or later when you
hit that wall where its just not practical to try and force some
application you really need onto an old OS.

Man, reading through the above before sending - what a rant!!!
BillK


On Fri, 2001-09-07 at 22:13, Steve Vertigan wrote:
> Bret Busby wrote:
> 
> > So, rejecting HTML emails, and sending a message back to the sender, would
> > appear to be a good protection.
> 
> When I get round to it I'm going to expand my perl mailing filters to
> kill html on mailing lists and on personal mail just run it through lynx
> -dump or something similiar.  I'd hate to think that my mail elitism
> would lead to bouncing a lucrative job offer from a PHB that sent me a
> html mail.





More information about the plug mailing list