![]() |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Scott R. Ehrlich wrote: > I received an email spam with the following partial body (I'm omitting > the image itself), that, when read with Firefox 3 on my Ubuntu Linux > box, produced an image: > > This is a multi-part message in MIME format. It was probably exploiting a bug in the html rendering of some mail client. My html is a little rusty, but I bet there's a way to have in-line images, and this was probably using that feature. > On a Windows system, I could see it possibly doing any kind of harm. > > But under Linux, or even MacOS, what problems, if any, could I truly expect? Anything, if you read-email as root ;-) If you're as your normal user, then it's highly unlikely that your whole system is screwed. There would have to be both a MUA vulnerability /and/ a privilege escalation bug in the OS. Those are pretty common with windows, since they're still new to this whole "multi-user" idea, but they are less common with *nix. > Would I be considered immune enough to not need a reinstall? Totally depends on both the target of the vulnerability (i.e. Outlook, or thunderbird, or Eudora) and the payload (a windows virus, linux virus, mac virus). You're not automatically immune under any OS. At this point it's still highly unlikely that someone would target a linux-OS and MUA with a mass-mailing, so chances are you're fine. That counted for a lot more when they would just go after the largest-market-share OS/MUA for mass-mailings. But with phishers doing selective targeting nowadays, that isn't always the case, so you should watch out. Your best bet is to keep up with security patches for your MUA, it's dependencies, and the OS. You can also configure your MUA to reduce the attack surface significantly: - disable html rendering completely (most mail clients send txt versions as well) - disable full html rendering (for example, thunderbird has a "Simple" html mode that doesn't do images, but will do basic html layout) - force all incoming messages into either UTF-8 or ISO-8859-1 character encodings (this one is probably of dubious value, but I never need to read foreign-language emails, so it doesn't hurt me) HTH, Matt -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Discuss mailing list [hidden email] http://lists.blu.org/mailman/listinfo/discuss