
Re: Brown and Co. (Longish explanation)




----- Original Message -----
From: "A.J. Maas" <anthmaas@xxxxxxxxx>
To: "Metastock-List" <metastock@xxxxxxxxxxxxx>
Sent: Monday, April 03, 2000 6:12 PM
Subject: Re: Brown and Co. (Longish explanation)

> Please, do not start hoaxes.


Certainly not a hoax.  Please do not downplay a serious risk to privacy and
security.


> > In addition to etiquette and consideration for those who do not or cannot
> > set their e-mail applications to read HTML, there are a couple additional
> > reasons to encourage the use of plain text for e-mail lists.
>
> //////Upgrade is something anyone can do, of free will and for FREE, so
> point not taken!
>
> > Courtesy.  HTML messages are larger, so downloading is a factor for those
> > who monitor several lists or have slower internet connections.
>
> //////Messages are what it says, 1-2-3 liners. Mails are multiple liners
> thus can get larger.
>       If monitoring a list, reduce that to monitoring what is of your
>       interest, and skip other mails/lists.
>
> > More importantly, HTML e-mail is a security risk.  There are increasing
> > occurrences of HTML containing code or executable scripts that, at best,
> > phone home to confirm the address is good and report on readers' habits
> > or, at worst, embed trojan horses that can do serious damage just by
> > viewing them.
>
> //////You yourselves are the risk-factor. For that I have forwarded enough
> prevention-mails.


I shall not even comment on the above.  My statements stand.


>       HTML cannot infect your mailer if you leave attachments unopened.
>       Whether they be viruses, trojans or whatever attached "bugs" (note
>       that they cannot be embedded, they can only be referenced in the code
>       AND be attached as a file).


HTML mail occasionally contains invisible code that will notify a tracking
service when it has been read and by whom.  I consider this a privacy invasion
and I usually delete this trash on the spot, but here is a sample extracted
from one such mail:

<img width='1' height='1'
src="http://www.m0.net/m/logopen02.asp?vid=75&catid=459249590&email=myname%40mycom.com" alt=" ">

HTML mail also can be embedded with malicious scripts or code.  Two or three
good demonstrations can be found at Georgi Guninski's site at
http://www.nat.bg/~joro/index.html    Another recent example is the BubbleBoy
worm which was activated from the Outlook Express preview pane without opening
the e-mail, let alone a file attachment.  See
http://www.nipc.gov/nipc/bubbleboy.htm   There was also the Java virtual
machine vulnerability that allowed code in an HTML e-mail to manipulate files
on -- or even reformat -- the victim's hard drive.  The best description I
could find for this is at
http://www.wired.com/news/technology/0,1282,21459,00.html

The solution, in a lot of cases, is to turn off active scripting in one's
e-mail reader, but most people are not aware of this vulnerability nor the
solution.  There are also patches and updates available from the software
producer that will repair a lot of the other vulnerabilities.

File attachments are still the most common method of spreading viruses, but it
is not necessary to attach a malicious file to cause damage or mischief with
HTML mail.


>       But:  Whatever you do, do not Share (disks).
>       Save an attachment to temp-disk first, then view file with a proper
>       Viewer, and Delete permanently if uncertain. (You can use the
>       UNDELETE command to truly check
>       if a file has been fully deleted from the disk (= also a large file).
>       All basic prevention-stuff.


All good advice.  In addition, run up-to-date antivirus software.  Also, turn
off file sharing and print sharing and/or run a good firewall application.
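
A defensive check for the two risks described in the message above (the invisible tracking image and active content embedded in HTML mail), as an added example that is not part of the original post: it parses an HTML body and flags remote images that are 1x1 or carry an e-mail address in the query string, plus script-capable tags. The sample body, the host names and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample modelled on the tracking image quoted in the message;
# the host and parameter values are placeholders, not real identifiers.
SAMPLE_HTML = """<html><body><p>Spring sale!</p>
<img width='1' height='1'
 src="http://tracker.example/open.asp?vid=1&catid=2&email=myname%40mycom.com" alt=" ">
<img src="cid:logo@local" width="120" height="40">
<script>document.title = "x"</script>
</body></html>"""

ACTIVE_TAGS = {"script", "object", "applet", "embed", "iframe"}

class MailAuditor(HTMLParser):
    """Collects remote images and active-content tags from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-content", tag))
        if tag == "img":
            self._check_image(a)

    def _check_image(self, a):
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images travel inside the mail, no network fetch
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        # parse_qsl percent-decodes values, so %40 is compared as '@'
        leaks = [k for k, v in parse_qsl(url.query) if "@" in v]
        if tiny or leaks:
            self.findings.append(("tracking-image", url.netloc, tiny, leaks))
        else:
            self.findings.append(("remote-image", url.netloc))

def audit(html_body):
    """Return a list of findings for one HTML mail body."""
    parser = MailAuditor()
    parser.feed(html_body)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML):
        print(finding)
```

A mail filter or a plain-text-only list gateway could use findings like these to strip the HTML part or quarantine the message before a reader's client renders it.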