> - Is plain gopher sans WWW vulnerable to this same problem? Do they
> know about it? If not, telling them (and also CERT) would be a good idea.
I've just verified this myself. Oops!!
How about patching clients so they have a list of "dodgy ports",
like SMTP, and ask the user whether to carry on if they get given
a URL that points to one?