[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Brown and Co. (Longish explanation)



PureBytes Links

Trading Reference Links

I am afraid that you have things mixed up heavely here.

Putting a clickable link into a HTML page or mail is not a virus(or one of their
offspring/spinn offs).
Whatever the link involves in/to, is a user's OWN decission to find out and
also AT THAT TIME users own responsability (to click it or not).

The other malfunctioning software "leaks"(=bugs) you mention are of historical
"events" levels. They have been patch fixed for IEv5.00 and prior versions, well before
last year end and this accounts also fully for and in the IEv5.01 and as such
is WAY OFF TOPIC + OUTDATED hoaxing news.

HTML emails or webpages, singly by itselve, are as harmless/full as floppy disks,
CD-Roms or ZipDisks are, eg wether they are stuffed with or without programs that
you can get anywhere. Thus do not continue to spread hoaxes around.

Once you start playing or running a program that is contained on/with it, you can
always be at risk. But that daybreaking "news" stems back for as long as computers
have been around, and is also known to any users, eg since that the first thing in
computing that any user MUST know prior to be able to compute with his machine
in the first place,
is that you will have to run(eg click) a program.
And clicking/running anything that is unknown to any user for that matter can be of
hassardous nature. So no "daybreaking" news her either.

Regards,
Ton Maas
ms-irb@xxxxxxxxxxxxxxxx
Dismiss the ".nospam" bit (including the dot) when replying.
Homepage  http://home.planet.nl/~anthmaas


----- Original Message ----- 
From: "Glen Wallace" <gcwallace@xxxxxxxx>
To: "MetaStock listserver" <metastock@xxxxxxxxxxxxx>
Sent: dinsdag 4 april 2000 8:25
Subject: Re: Brown and Co. (Longish explanation)


> ----- Original Message -----
> From: "A.J. Maas" <anthmaas@xxxxxxxxx>
> To: "Metastock-List" <metastock@xxxxxxxxxxxxx>
> Sent: Monday, April 03, 2000 6:12 PM
> Subject: Re: Brown and Co. (Longish explanation)
> 
> > Please, do not start hoaxes.
> 
> 
> Certainly not a hoax.  Please do not downplay a serious risk to privacy and
> security.
> 
> 
> > > In addition to etiquette and consideration for those who do not or cannot
> > > set their e-mail applications to read HTML, there are a couple additional
> > > reasons to encourage the use of plain text for e-mail lists.
> >
> > //////Upgrade is something anyone can do, of free will and for FREE, so
> > point not taken!
> >
> > > Courtesy.  HTML messages are larger, so downloading is a factor for those
> > > who monitor several lists or have slower internet connections.
> >
> > //////Messages are what it says, 1-2-3 liners. Mails are multiple liners
> > thus can get larger.
> >       If monitoring a list, reduce that to monitoring what is of your
> >       intrest, and skip other mails/lists.
> >
> > > More importantly, HTML e-mail is a security risk.  There are increasing
> > > occurrences of HTML containing code or executable scripts that, at best,
> > > phone home to confirm the address is good and report on readers' habits
> > > or, at worst, embed trojan horses that can do serious damage just by
> > > viewing them.
> >
> > //////You yourselves are the risk-factor. For that I have forwarded enough
> > prevention-mails.
> 
> 
> I shall not even comment on the above.  My statements stand.
> 
> 
> >       HTML cannot infect your mailer if you leave attachments un-open-ed.
> >       Wether they be virusses, trohjans or whatever attached "bugs"(note
> >       that they cannot be embedded, they can only be referenced in the code
> >       AND be attached as a file).
> 
> 
> HTML mail occasionally contains invisible code that will notify a tracking
> service when it has been read and by whom.  I consider this a privacy invasion
> and I usually delete this trash on the spot, but here is a sample extracted
> from one such mail:
> 
> <img width='1' height='1'
> src="http://www.m0.net/m/logopen02.asp?vid=75&catid=459249590&email=myname%4
> 0mycom.com" alt=" ">
> 
> HTML mail also can be embedded with malicious scripts or code.  Two or three
> good demonstrations can be found at Georgi Guninski's site at
> http://www.nat.bg/~joro/index.html    Another recent example is the BubbleBoy
> worm which was activated from the Outlook Express preview pane without opening
> the e-mail, let alone a file attachment.  See
> http://www.nipc.gov/nipc/bubbleboy.htm   There was also the Java virtual
> machine vulnerability that allowed code in an HTML e-mail to manipulate files
> on -- or even reformat -- the victim's hard drive.  The best description I
> could find for this is at
> http://www.wired.com/news/technology/0,1282,21459,00.html
> 
> The solution, in a lot of cases, is to turn off active scripting in one's
> e-mail reader, but most people are not aware of this vulnerability nor the
> solution.  There are also patches and updates available from the software
> producer that will repair a lot of the other vulnerabilities.
> 
> File attachments are still the most common method of spreading viruses, but it
> is not necessary to attach a malicious file to cause damage or mischief with
> HTML mail.
> 
> 
> >       But :  Whatever you do, do not Share (disks).
> >       Save an attachment to temp-disk first, than view file with a proper
> >       Viewer, and Delete permenantly if uncertain.(Youcan use the
> >       UNDELETE command to truely check
> >       if a file has been fully deleted from the disk(=also a large file).
> >       All basic prevention-stuff.
> 
> 
> All good advice.  In addition, run up-to-date antivirus software.  Also, turn
> off file sharing and print sharing and/or run a good firewall application.
> 
>