[TriLUG] destructive spam?

stan briggs stan at stanbriggs.com
Thu Jun 3 15:12:53 EDT 2004 

a technique like described below certainly works. there are many ways to
get to the source to see what characters are there. the problem, though,
is that the cid: entry is followed by a whole bunch of ascii characters
that evidently mean more than just their random human readable letters.
they don't look like hex. i don't know what they are.

ideas, anyone?

stan


> The technique for discovering where these references point
> depends on your email client.
>
> You need to save the email to a file on hard disk,
> then view it with a text reader. Then just
> read the html and you can spot the external references.
>
> With most 'nixes, you could create a folder, move the
> questionable email into it (so that it's isolated from the other
> 5 megabytes in your Inbox folder), and navigate into it following
> your .Mail or .mail or .Mailbox directory off your roothome (~).
> Then open it in vi or whatever.
>
> If you use outlook by day, then create a new email addressed to
> yourself and use the "insert -> item" feature.  Once it's in your
> inbox, then right click on the attachment, do a "Save As",
> name it whatever.txt.  Examine it with with notepad.
>
> Marty
>
> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org]On
> Behalf Of Turnpike Man
> Sent: Thursday, June 03, 2004 12:29 PM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] destructive spam?
>
>
> slightly better... but without clicking these links, is there any way to
> decipher where they are going to take us?
>
> David M.
>
> --- sholton at mindspring.com wrote:
>> You are familiar with URL's that contain a protocol identifier (http:,
> ftp:)
>> followed by a host identifier (trilug.org, ftp.ics.uci.edu) followed
>> by an object reference (index.html, pub/ietf/uri/rfc2111.txt).
>>
>> Think of "cid" and "mid:" as being the URL way to point to an object
>> contained within the same MIME-encoded message.
>>
>> I'd offer an example, but I refuse on principle to create a MIME-
>> encoded message.
>>
>> It tells the HTML-interpreter (which the would-be mark is using to
>> read his mail...not that any of us would ever do that...) where to
>> find the object it needs to correctly render the HTML page.
>>
>> I presume that if said HTML-interpreter also has a tendency to
>> execute objects it believes to be executable, such a construct
>> could be used to cause the execution of code within  the local
>> context.
>>
>> Any better?  I swear it's all English...
>>
>> -----Original Message-----
>> From: Turnpike Man <turnpike420 at yahoo.com>
>>
>> > Even after reading, can someone put that in english?  thanks!
>> > David M.
>>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends.  Fun.  Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ
> : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ
> : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

More information about the TriLUG mailing list