xml file parsing in C

[Random832]

I am secure. Their customers aren't. It's stupid to endanger
people for no conceivable reason.

Their HTML emails are, presumably, no danger to the users. If someone
can hack their system to change the emails to include dangerous
javascript, they can hack their system to change the formerly text
emails to include html.

Encouraging the users to use a HTML email client may be dangerous, but
it is much harder to quantify.

Even stupider to deny that they can send pure text mail.

They may have an off-the-shelf (or "handed down from corporate" if the
person you talked to was from a local branch) solution that does not
provide this as an option.

Even if not, it might be more along the lines of "we can't justify the
expense of changing the system to allow us to send text email to one
person"

 

[John F]

What gets me is banks and credit cards that insist on sending me
html mail. I keep telling them that it is a security risk, and
they keep insisting that they can't do anything else. Idiots.
Bank of America is one.

LOL! Fits my experience.

 

[John F]

They may have an off-the-shelf (or "handed down from corporate" if
the
person you talked to was from a local branch) solution that does not
provide this as an option.

Even if not, it might be more along the lines of "we can't justify
the
expense of changing the system to allow us to send text email to one
person"

If large companies like Texas Instruments, Farnell/Newark/Inone can do
it, it shouldn't be a big problem for a bank as large as the BoA.

IMO they are not willing to set their AS400 (or whatever) analysts on
schedule to script a new option depending on a tic set in an HTML
formular online or in the banks management system (One should not
forget that it has to be included in the cashier's frontend too, in
case you turn up at the bank and you want to have it changed...) Could
be too much of a trouble aka too expensive (Not for a large bank).

 

[CBFalconer]

Their HTML emails are, presumably, no danger to the users. If
someone can hack their system to change the emails to include
dangerous javascript, they can hack their system to change the
formerly text emails to include html.

Encouraging the users to use a HTML email client may be dangerous,
but it is much harder to quantify.

It makes their customers accept html mail. Such mail can be faked
by anyone, contain webbugs and whatnot. Your attitude is typical,
and one of the reasons we have all the security invasions. It puts
even me at risk, in that such a faked email can let something into
somebody elses machine, which in turn contains my email address,
and that in turn enables attacks on me. For example, so far today
my firewall log shows 33 rejected attacks within about 15 minutes
of total connection time.

 

[Christopher Benson-Manica]

I shy away from stuff in [] these days, because Google has decided for
some unknown reason to strip them in messages that originate there,
including replies. I've gone with "- TPA" in the subject.

I missed the transition to "- TPA", and I was actually just about to
jump in this thread to complain about the lack of [TPA] as a result.
I will update my filter accordingly.