[Full-disclosure] Using domain whois information for fun and profit

[bkfsec]

Steven Rakick wrote:

>Let me ask you something.
>
>If I send an email to full disclosure with cookie
>theft JS in the body of my message and some Fucktard
>email reader executes it, would you blame Mailman or
>the Fucktard email reader?
>
>  
>
Bad example.

Mail routing programs are supposed to be liberal in their acceptance of 
body content because there are all kinds of valid uses of that type of 
content allowable in e-mail.  The same is not the case for whois 
output.  Whois output is not, by design, supposed to contain script as 
far as I'm aware.

             -bkfsec