Bugtraq mailing list archives
Re: Website executing javascript in SMS message
From: thomas sjogren <t_sjogren () POSTMASTER CO UK>
Date: Fri, 16 Feb 2001 21:00:06 +0000
Sounds rather apocalyptic, but please show me a serious attack code fit in the barely 160 characters of an SMS message. Or maybe technology have suddenly evolved where the sun shines earlier than here :)
Maybe it´s apocalyptic, but <xMETA HTTP-EQUIV="Refresh"x CONTENT="0;URL=http://www.cr4sh.com"x> is all you need and it´s not 160 characters (the x´s should be excluded). Sure, this is not a serious attack code, but if you´re redirected to a website with a malicious code on it the above code could be used as a attack code.
OTOH, as long as ONE service provider is involved here, shouldn't you be working with it to fix a incipient form of attack instead of waving flags on public list in order to generate panic and to eventually get kudos ?
Yes it´s only one service provider, just like Hotmail. Why didn´t I contact mtnsms? I did, and their reply was: "Why did you send us this letter?". They are not, as I see it, interested in a fix. So why not inform about this and maybe notify people working whis this kind of services? /Thomas -- url: www.freespeech.org/screams -----BEGIN PGP SIGNATURE----- iQA/AwUAOj+s0Epl7KAh2d9BEQK9pwCf Qt7re02wzZxcGJPyqQyWWQAFnPMAn2yf EdhkgV7kgJXEXPomwWapRj4K=No9l -----END PGP SIGNATURE-----
Current thread:
- Website executing javascript in SMS message thomas sjogren (Feb 15)
- <Possible follow-ups>
- Re: Website executing javascript in SMS message thomas sjogren (Feb 16)