RE: The Dangers of Email Archives

[Tim Hollebeek <thollebeek () cigital com>]

>  While this product itself doesn't have a hole in it; it is 
> often used to help
>  to translate mail for other archiving software. I've seen in 
> some examples
>  that email was translated with this tool and archived with 
> other software, and html
>  tags where translated/executed as normal..

There are lots of reasonably similar flaws.  I scared the ****
out of myself when I got a javascript error while reading the
Nimda analysis posted to securityfocus.com.

Parts were generated by just putting <pre> around the relevant
code from Nimda, but IE is more than happy to interpret <script>
within <pre>, which caused me to worry that the securityfocus.com
page had been rewritten by Nimda, until I looked a bit closer.

Be very, very careful how you deal with converting text to html and back.

Tim Hollebeek
Research Scientist
Cigital Labs