Really, it's a simple email away from a complete disaster Send an email to sever... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

raverbashing on Jan 11, 2016 | parent | context | favorite | on: TrendMicro Node.js HTTP server listening on localh...

Really, it's a simple email away from a complete disaster

Send an email to several people on the organization containing the offending JS that calls shell execution, this can have a huge impact.

"Security software" LOL

JoshTriplett on Jan 12, 2016 [–]

While email can't directly call JavaScript, these URLs look like they'd work if just loaded, so an <img> tag might suffice to cause shell execution.

raverbashing on Jan 12, 2016 | [–]

True, and you can always have a "Click here for more info" in the email pointing to a believable page.

But yeah, an image will most likely do it.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact