by jeffreyg 5223 days ago
Doesn't Gmail stop these attacks without needing to force plaintext only by simply disabling images by default?

Yes. There was a bug a few years back, though, where they would display attached SVG images. These images could actually contain JavaScript, which left it vulnerable to XSS.
Why is zzz90210's post dead? Everyone knows about tracking via images. I never considered something like bgsound, and probably a lot of other people did not either.

And it's the whole point of the article.

His post is dead because this comment he made: http://news.ycombinator.com/item?id=3662065 took his karma negative, and once that happened his account was killed. As a new member you have to be careful about controversial statements until you build up a karma cushion.

I see, an indirect cause didn't occur to me.
The highly-upvoted mail-bug testing site in comments says Gmail isn't vulnerable to bgsound - https://grepular.com/email_privacy_tester/
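
An added example, not part of the thread or of any mail client's code: a small Python audit of an HTML mail body for the two issues discussed above, elements that fetch a remote resource as soon as the message is rendered (images, bgsound) and script carried in markup such as SVG. The tags listed beyond img and bgsound, the sample message and the tracker.example host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes a client fetch a URL on render.
# img and bgsound come from the thread; the rest are added assumptions.
AUTO_LOAD = {"img": "src", "bgsound": "src", "iframe": "src", "embed": "src",
             "link": "href", "body": "background", "object": "data"}
REMOTE = ("http://", "https://", "//")

# Constructed sample message body (not taken from the thread).
SAMPLE = """<html><body>
<p>Hello</p>
<img src="http://tracker.example/pixel.gif?id=42" width="1" height="1">
<bgsound src="http://tracker.example/beep.wav?id=42">
<img src="cid:logo@local">
<svg onload="/* handler */"><script>/* script body */</script></svg>
</body></html>"""


class MailAudit(HTMLParser):
    """Collects (kind, tag, detail) findings while parsing a mail body."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            self.findings.append(("script", tag, ""))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):
                # Event-handler attribute, e.g. onload on an <svg> element.
                self.findings.append(("script", tag, name))
            elif AUTO_LOAD.get(tag) == name and value.lower().startswith(REMOTE):
                # Remote fetch on render; cid: and data: references stay local.
                self.findings.append(("remote-load", tag, value))


def audit(html):
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A sanitizer built on the same walk would drop or rewrite the flagged elements before rendering instead of only reporting them.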