Re: Website executing javascript in SMS message

[thomas sjogren <t_sjogren () POSTMASTER CO UK>]

>
Sounds rather apocalyptic, but please show me a serious attack code fit in the barely 160 characters of an SMS message. 
Or maybe technology have suddenly evolved where the sun shines earlier than here :)
>

Maybe it´s apocalyptic, but
<xMETA HTTP-EQUIV="Refresh"x CONTENT="0;URL=http://www.cr4sh.com"x>
is all you need and it´s not 160 characters (the x´s should be excluded).
Sure, this is not a serious attack code, but if you´re
redirected to a website with a malicious code on it the above code could be used as a attack code.


>
OTOH, as long as ONE service provider is involved here, shouldn't you be working with it to fix a  incipient form of 
attack instead of waving flags on public list in order to generate panic and to eventually
get kudos ?
>

Yes it´s only one service provider, just like Hotmail.
Why didn´t I contact mtnsms? I did, and their reply was: "Why did you send us this letter?". They are not, as I see it, 
interested in a fix. So why not inform about this and maybe notify people working whis this kind of services?

/Thomas




--
url: www.freespeech.org/screams

-----BEGIN PGP SIGNATURE-----
iQA/AwUAOj+s0Epl7KAh2d9BEQK9pwCf
Qt7re02wzZxcGJPyqQyWWQAFnPMAn2yf
EdhkgV7kgJXEXPomwWapRj4K=No9l
-----END PGP SIGNATURE-----