Re: Web Application Security Survey
From: Anil Madhavapeddy <anil () RECOIL ORG>
Date: Sat, 2 Sep 2000 01:01:16 +00100
Quoting D-Krypt <dkrypt () YAHOO COM>:
> -Web Application Security Survey-
> Results show that Microsoft Hotmail, Excite, Altavista, E-Bay, Lycos,
> Netscape WebMail, E-Trade, Infoseek/Go.com and their users are all
> currently vulnerable to web based attack.
We've had some queries to the Horde/IMP (a popular GPL'ed webmail
client) list about its security following advisories like the
Just to confirm that IMP-2.2.0 is shipped secure by default, with
inline-HTML viewing capability disabled.
Users are warned clearly in the configuration file about the
dangers of inline viewing, and we make a pretty good effort to
However, this is not to be relied on, so enable the inlining
at your own risk!
Feel free to inspect the code (in horde/imp/lib/mimetypes.lib)
and point out any problems or holes in it, so we can continue to
improve security in our ongoing development branches.
IMP's homepage is http://horde.org/imp/ , and the mailing lists
are at http://horde.org/mail/
Anil Madhavapeddy, <anil () recoil org>