Users offer a sloppy, target-rich environment with nearly unlimited access to trouble. They form a poorly guarded bridge between the internal network and the Internet.
Admins who allow email clients to receive unadulterated HTML documents are opening a hole in network security that can be very difficult to defend... especially once an attacker is inside the network perimeter.
HTML makes it easy to duplicate the appearance of groups from whom the end user regularly receives HTML messages, like banks, credit card companies and online auction houses. And hiding links to phishing or malware sites beneath apparently legitimate URLs is elementary.
When you add the potential havoc caused by attachments, ActiveX, Java, VBscript, and javascript... well, you get the picture. You open the door to all manner of rootkit, backdoor, keylogger, etc.
Admins who allow email clients to receive unadulterated HTML documents are opening a hole in network security that can be very difficult to defend... especially once an attacker is inside the network perimeter.
HTML makes it easy to duplicate the appearance of groups from whom the end user regularly receives HTML messages, like banks, credit card companies and online auction houses. And hiding links to phishing or malware sites beneath apparently legitimate URLs is elementary.
When you add the potential havoc caused by attachments, ActiveX, Java, VBscript, and javascript... well, you get the picture. You open the door to all manner of rootkit, backdoor, keylogger, etc.
0 comments:
Post a Comment