On Wed, 2005-01-12 at 12:37 -0800, Steven Rakick wrote: > This would mean that if an image exploiting the > recently announced Microsoft LoadImage API overflow > were imbedded into HTML email there would be zero > defense from the network layer as it would be > completely invisible. > > Why am I not seeing more about this in the press? It > seems pretty threatening to me... Because it's old news from a network layer perspective. Images, emails, etc can also be transferred zipped or encoded in base64 and what not. Lots of IPS/IDS/AV and other gateway devices miss these encoded files. The only novel approach I can see here is the embedding of the data together with type and encoding in the URL. Nice idea. $20 says spyware/spam/porn/phishing sites will adopt this fairly soon. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html