|
PureBytes Links
Trading Reference Links
|
----- Original Message -----
From: "A.J. Maas" <anthmaas@xxxxxxxxx>
To: "Metastock-List" <metastock@xxxxxxxxxxxxx>
Sent: Monday, April 03, 2000 6:12 PM
Subject: Re: Brown and Co. (Longish explanation)
> Please, do not start hoaxes.
Certainly not a hoax. Please do not downplay a serious risk to privacy and
security.
> > In addition to etiquette and consideration for those who do not or cannot
> > set their e-mail applications to read HTML, there are a couple additional
> > reasons to encourage the use of plain text for e-mail lists.
>
> //////Upgrade is something anyone can do, of free will and for FREE, so
> point not taken!
>
> > Courtesy. HTML messages are larger, so downloading is a factor for those
> > who monitor several lists or have slower internet connections.
>
> //////Messages are what it says, 1-2-3 liners. Mails are multiple liners
> thus can get larger.
> If monitoring a list, reduce that to monitoring what is of your
> intrest, and skip other mails/lists.
>
> > More importantly, HTML e-mail is a security risk. There are increasing
> > occurrences of HTML containing code or executable scripts that, at best,
> > phone home to confirm the address is good and report on readers' habits
> > or, at worst, embed trojan horses that can do serious damage just by
> > viewing them.
>
> //////You yourselves are the risk-factor. For that I have forwarded enough
> prevention-mails.
I shall not even comment on the above. My statements stand.
> HTML cannot infect your mailer if you leave attachments un-open-ed.
> Wether they be virusses, trohjans or whatever attached "bugs"(note
> that they cannot be embedded, they can only be referenced in the code
> AND be attached as a file).
HTML mail occasionally contains invisible code that will notify a tracking
service when it has been read and by whom. I consider this a privacy invasion
and I usually delete this trash on the spot, but here is a sample extracted
from one such mail:
<img width='1' height='1'
src="http://www.m0.net/m/logopen02.asp?vid=75&catid=459249590&email=myname%4
0mycom.com" alt=" ">
HTML mail also can be embedded with malicious scripts or code. Two or three
good demonstrations can be found at Georgi Guninski's site at
http://www.nat.bg/~joro/index.html Another recent example is the BubbleBoy
worm which was activated from the Outlook Express preview pane without opening
the e-mail, let alone a file attachment. See
http://www.nipc.gov/nipc/bubbleboy.htm There was also the Java virtual
machine vulnerability that allowed code in an HTML e-mail to manipulate files
on -- or even reformat -- the victim's hard drive. The best description I
could find for this is at
http://www.wired.com/news/technology/0,1282,21459,00.html
The solution, in a lot of cases, is to turn off active scripting in one's
e-mail reader, but most people are not aware of this vulnerability nor the
solution. There are also patches and updates available from the software
producer that will repair a lot of the other vulnerabilities.
File attachments are still the most common method of spreading viruses, but it
is not necessary to attach a malicious file to cause damage or mischief with
HTML mail.
> But : Whatever you do, do not Share (disks).
> Save an attachment to temp-disk first, than view file with a proper
> Viewer, and Delete permenantly if uncertain.(Youcan use the
> UNDELETE command to truely check
> if a file has been fully deleted from the disk(=also a large file).
> All basic prevention-stuff.
All good advice. In addition, run up-to-date antivirus software. Also, turn
off file sharing and print sharing and/or run a good firewall application.
|