EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 4 Jan 2007, 09:36 PM   #1
rjlov
Essential Contributor
 
Join Date: Aug 2003
Location: Melbourne, Australia
Posts: 282

Representative of:
Fastmail.FM
PDF XSS exploit protection

Hi.

I've just put in place a couple of checks to help protect our users from a particular family of XSS attacks via links to PDF files. If you're viewing an HTML message that contains one of these links via the web interface, then the Phishing Protection will disable the link with a warning. URLs of this form that appear in a text message will not be converted to a clickable link.

This should reduce the likelihood of users being compromised by such links sent to them in email messages.

For more information on the exploit:
http://secunia.com/advisories/23483/
http://www.kb.cert.org/vuls/id/815960

Richard.
rjlov is offline   Reply With Quote

Old 5 Jan 2007, 01:21 PM   #2
Jeremy Howard
Ultimate Contributor
 
Join Date: Sep 2001
Location: Australia
Posts: 11,499
Pretty cool - protection added within 24 hours of the security advisory!
Jeremy Howard is offline   Reply With Quote
Old 6 Jan 2007, 10:42 AM   #3
eggman
Essential Contributor
 
Join Date: Jun 2002
Location: AU
Posts: 468
thanks! great work.
eggman is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 12:25 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy