[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Report excerpt - TAKE THIS SERIOUSLY



PureBytes Links

Trading Reference Links


http://www.eudora.com/  has a free (adware or you can pay to turn off the 
ads) email program that has most of the features of Outlook and lets you 
turn off the ability to execute programs/scripts from within an email 
message.  I've been using it since 1989 or thereabouts and have never had a 
problem with a trojan or virus getting into my system via an email 
message.     You do have to make sure your IE5 internet security settings 
are turned to high before clicking on an email hotlink to an unknown 
website, of course.   If you forget to do that, you'll find yourself in 
pop-up hell soon enough and hopefully that will remind you before you run 
into a truly malicious site.


At 05:48 PM 3/31/2001 -0800, Monte C. Smith wrote:

>  Excellent information, Dennis. Thanks for posting it.
>
>Regards,
>Monte
>
>
>
>DH wrote:
> >
> > > it is a serious vulnerability, essentially enabling a virus,
> > > worm, or trojan to auto-run on your machine simply by opening an email.
> >
> > It's worse than that. The code can be embedded in a malicious web page.
> > I don't (and never will) use OE for email but I use IE for my browser
> > because too many web pages won't display right without it. I did the
> > patch immediately when I read this.
> >
> > <<<<<<<
> > If a malicious user sends an affected HTML e-mail or hosts an affected
> > e-mail on a Web site, and a user opens the e-mail or visits the Web
> > site, Internet Explorer automatically runs the excecutable on the user's
> > computer.
> > >>>>>>>>
> >
> > While I was at it, I ran all the security patches I had missed since my
> > last upgrade. If you're running IE5.5 SP1 (the latest version), you
> > still need everything starting with the 11/22/00 patch. There are 6 of
> > them altogether.
> >
> > http://www.microsoft.com/windows/ie/download/
> >
> > --
> >   Dennis