OT: Security Issues (last one)
- To: perennials@mallorn.com
- Subject: OT: Security Issues (last one)
- From: "* P* L* <lindsey@lorien.mallorn.com>
- Date: Tue, 28 Jul 1998 23:01:03 -0500 (CDT)
To everyone on the list... I launched another off-topic discussion.
Sorry... :)
If you have questions or comments, please send them directly to me
via email (lindsey@mallorn.com).
> basically the same form....The actual killer e-mail never exists -
> because no such thing is possible. Viruses cannot launch themselves out
> of plain e-mail text. Period. ..."
> I am glad to receive your message that indeed this article is not
> factual. Is it totally wrong or is the virus in an attachment rather
> than in the mail itself??
That's the scary thing about this security hole. It actually allows the
potential virus to run on your machine JUST BY DOWNLOADING the email.
You don't need to open the attachment or anything. Imagine if somebody
sent out a few million spam messages that exploited this? It's potential
is being likened to the old Internet worm that forced a shutdown of the
Internet a while back.
Realize that this isn't problematic on all mail programs... It's a
security hole only evident in Outlook Express and Netscape Mail.
Other programs like Eudora, elm, pine, etc. haven't proven to be
vulnerable in tests. Believe me that I'll be testing the packages
that I use.
So... It's not something that should be allowable in your software,
but caused more by a lack of foresight on the part of some developers.
If people using this software upgrade, then it shouldn't be a problem.
Here's the (revised) URL:
http://ntbugtraq.ntadvice.com/editorials/newworm.asp
Chris
---------------------------------------------------------------------
To sign-off this list, send email to majordomo@mallorn.com with the
message text UNSUBSCRIBE PERENNIALS
