
BLU Discuss list archive



Re: Embedded image security?



 Scott R. Ehrlich wrote: 
> I received an email spam with the following partial body (I'm omitting 
> the image itself), that, when read with Firefox 3 on my Ubuntu Linux 
> box, produced an image: 
> 
> This is a multi-part message in MIME format. 

It was probably exploiting a bug in the html rendering of some mail client. 
My html is a little rusty, but I bet there's a way to have in-line images, and 
this was probably using that feature. 

> On a Windows system, I could see it possibly doing any kind of harm. 
> 
> But under Linux, or even MacOS, what problems, if any, could I truly expect? 

Anything, if you read email as root ;-)  If you're running as your normal user, then
it's highly unlikely that your whole system is screwed.  There would have to
be both a MUA vulnerability /and/ a privilege escalation bug in the OS.  Those
are pretty common with Windows, since they're still new to this whole
"multi-user" idea, but they are less common with *nix.

> Would I be considered immune enough to not need a reinstall? 

Totally depends on both the target of the vulnerability (i.e. Outlook, or 
thunderbird, or Eudora) and the payload (a windows virus, linux virus, mac virus). 

You're not automatically immune under any OS.  At this point it's still highly 
unlikely that someone would target a linux-OS and MUA with a mass-mailing, so 
chances are you're fine.  That counted for a lot more when they would just go 
after the largest-market-share OS/MUA for mass-mailings.  But with phishers 
doing selective targeting nowadays, that isn't always the case, so you should 
watch out. 

Your best bet is to keep up with security patches for your MUA, its
dependencies, and the OS.  You can also configure your MUA to reduce the
attack surface significantly:
  - disable html rendering completely (most mail clients send txt versions as 
well) 
  - disable full html rendering (for example, thunderbird has a "Simple" html 
mode that doesn't do images, but will do basic html layout) 
  - force all incoming messages into either UTF-8 or ISO-8859-1 character 
encodings (this one is probably of dubious value, but I never need to read 
foreign-language emails, so it doesn't hurt me) 

HTH, 
Matt 
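
Added example (not part of Matt's message): a Python sketch of the first suggestion above, reading only the text/plain alternative of a multipart MIME message and listing the HTML and inline image parts instead of rendering them. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample() -> bytes:
    """Constructed sample: plain text + HTML alternative with one inline image."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg.set_content("Plain text version of the message.\n")
    msg.add_alternative(
        '<html><body><img src="cid:img1@example.com"></body></html>',
        subtype="html",
    )
    # Hang the image off the HTML part, as an HTML mail with in-line images does.
    html_part = msg.get_payload()[1]
    html_part.add_related(
        b"GIF89a" + b"\x00" * 10,  # 16 placeholder bytes, not a real image
        maintype="image", subtype="gif", cid="<img1@example.com>",
    )
    return msg.as_bytes()


def plain_text_view(raw: bytes) -> dict:
    """Return the text/plain body and an inventory of every part left unrendered."""
    msg = message_from_bytes(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    text = plain.get_content() if plain is not None else None
    skipped = []
    for part in msg.walk():
        if part.is_multipart() or part is plain:
            continue
        # Record metadata only; the HTML and image bytes never reach a renderer.
        skipped.append({
            "type": part.get_content_type(),
            "cid": part.get("Content-ID"),
            "disposition": part.get_content_disposition(),
            "bytes": len(part.get_payload(decode=True) or b""),
        })
    return {"text": text, "skipped": skipped}


if __name__ == "__main__":
    view = plain_text_view(build_sample())
    print(view["text"])
    for p in view["skipped"]:
        print("not rendered:", p)
```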

 

