Evolution: Why are images not displayed?

David Timms dtimms at bigpond.net.au
Mon Apr 10 10:14:58 UTC 2006


Tim wrote:
> On Mon, 2006-03-27 at 09:55 -0500, Dan Thurman wrote:
>> Thanks to all who responded.  I guess I am better informed as to why
>> the default is to disable the images by feature.  It is a security
>> feature to protect us from those who can cull your email address.
>>
>> Sigh...  too bad.  I just did not imagine IMAGES can be used to
>> circumvent security.
> 
...
> The classic case being HTML mail that has a MIDI file to play in the
> background, but an executable is sent instead.
And don't forget the (generally buffer-overflow) attacks based on images 
off type tiff, pcx, bmp, png, psd, pnm, xwd, jpg, pcx, gif, xpm, 
photocd, wmf, pdf, niff, and exif data in types that support exif. These 
have all come to light in the last 24 months.

http://secunia.com/search/?search=image

I remember reading that some of these attacks on windows/internet 
explorer are very effective.

DaveT.




More information about the fedora-list mailing list