[SCADASEC] HTML tagging test

[ljknews]

At 10:42 AM -0600 2/7/08, Leif Ericksen wrote:

> IMHO, HTML code should be eliminated from all email servers and
> services.  Providing a URL for a person to go to or attachments to open
> would be best.  If all ISPs as well as email clients forced NO HTML less
> bandwidth would be used.  There may be even other advantages.

While I agree for email that comes to me, there may be some
situation where it is appropriate.

> How can we apply this to SCADA Security?

SCADA Security (the discipline) probably has very little
to do with email, HTML or otherwise.

For all I know SCADA Security (the mailing list) already
does enough to prevent such transmissions.

Typically mailing list engines provide the ability to
prevent transmission of HTML.  But they likely would
only do so for HTML that is labeled as such, not for
HTML code that happens to be within a nominally text
transmission or part.  I believe that inclusion of
HTML within a text transmission is what is quoted
in the segment below.  That construct would be
difficult to filter and there may be some cases
where filtering that would be inappropriate:

	I have heard that the CPM operating system
	will crash if it is serving a web page that
	contains the string </JAVA>,  Can anyone
	verify that ?

The above is a sample post, with no basis in reality.

> On Thu, 2008-02-07 at 09:26 -0500, ljknews wrote:
>> At 1:38 PM -0600 2/6/08, Bob Radvanovsky wrote:
>> 
>> > <HTML>
>> > Item should appear as <B>bolded></B> and as <I>italics</I>.<BR><BR><BR>End.
>> > </HTML>
>> 
>> I hope this was just a test and nobody is planning on
>> sending this sort of stuff to the list.  As I hope you
>> can see, it is quite hard to read.
>> 
>> Of course the sample provided is short enough for me to
>> see that there is an extra right angle bracket after
>> the word "bolded".
-- 
Larry Kilgallen