Full Disclosure mailing list archives
Re: Using domain whois information for fun andprofit
From: Steven Rakick <stevenrakick () yahoo com>
Date: Fri, 3 Mar 2006 15:26:19 -0800 (PST)
I'm not sure. This is an RFC that was last updated in 1985. I'm not sure script injection was an issue back then. Additionally, I don't believe RFC954 really gives any specifics about what should be considered *bad*. Email only supports rich content because the world let it. Was it supposed to? Is it clearly defined?

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of bkfsec
Sent: Friday, March 03, 2006 5:52 PM
To: Steven Rakick
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Using domain whois information for fun andprofit

Steven Rakick wrote:

> Let me ask you something. If I send an email to full disclosure with cookie theft JS in the body of my message and some Fucktard email reader executes it, would you blame Mailman or the Fucktard email reader?

Bad example. Mail routing programs are supposed to be liberal in their acceptance of body content because there are all kinds of valid uses of that type of content allowable in e-mail. The same is not the case for whois output. Whois output is not, by design, supposed to contain script as far as I'm aware.

-bkfsec

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.co