The InfoSec Blog

Text vs HTML: what is more secure?

Posted by Anton Aylward

There are "good" mailing lists and "not so good" mailing lists from the point of view of security.

Try posting HTML mail to a "good" list and one of two things will happen.

  1. If you have a mailer that includes the plain text then the list
    software will discard the HTML part and forward the plain text to
    the list with a message reading

    [Non-text portions of this message have been removed]

    I'm sure you've seen that message in posts on yahoogroups and similar.

  2. If you have a mailer that doesn't include the plain text
    then one of two things may happen:

    1. The plain text version is displayed but, being null, the text that appears is
      empty; you still get

      [Non-text portions of this message have been removed]

      I'm sure you've seen that too.

    2. The list software does its best to convert the HTML to plain text by stripping
      off the HTML tags. This works, but may
      produce some odd results. However, you still get

      [Non-text portions of this message have been removed]
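
The list-side handling described above can be reproduced with Python's standard `email` package. This is an added example, not code from the original post or from any real list manager; `to_list_text`, `strip_tags`, `sample` and the message contents are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from html.parser import HTMLParser

NOTICE = "[Non-text portions of this message have been removed]"

class _TextOnly(HTMLParser):
    """Keep character data only; drop tags and <script>/<style> bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip = max(0, self.skip - (tag in ("script", "style")))
    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def strip_tags(html):
    parser = _TextOnly()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.chunks).split())

def _decode(part):
    data = part.get_payload(decode=True) or b""
    return data.decode(part.get_content_charset() or "utf-8", "replace")

def to_list_text(raw, convert_html=False):
    """Text a plain-text-only list would forward (hypothetical helper)."""
    parts = [p for p in message_from_string(raw).walk() if not p.is_multipart()]
    plain = [_decode(p).strip() for p in parts if p.get_content_type() == "text/plain"]
    html = [_decode(p) for p in parts if p.get_content_type() == "text/html"]
    body = "\n".join(plain)
    if not body and convert_html:  # case 2.2: best-effort tag stripping
        body = "\n".join(strip_tags(h) for h in html)
    return (body + "\n\n" + NOTICE).strip() if len(plain) < len(parts) else body

def sample(with_plain):
    """Constructed HTML mail, with or without a text/plain alternative."""
    msg = EmailMessage()
    html = "<p>Hello <b>list</b></p><script>x()</script>"
    if with_plain:
        msg.set_content("Hello list")
        msg.add_alternative(html, subtype="html")
    else:
        msg.set_content(html, subtype="html")
    return msg.as_string()
```
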

419 scammers using Dilbert.com

Posted by Anton Aylward

http://blogs.zdnet.com/security/?p=3809&tag=nl.e539

Oh, the ignominy!

On their way to search for clean IPs through which to send out yet another scam email, 419 con-artists (Mrs Sharon Goetz Massey) have recently started using Dilbert.com’s recommendation feature in an attempt to bypass anti-spam filters -- and it works. The use of Dilbert.com’s clean IP reputation comes a month after 419 scammers used the same tactic on NYTimes.com ‘email this’ feature.

One thing in InfoSec is certain: the bad guys will always find a way round whatever controls we put up and find ways to subvert legitimate tools and protocols.
