On Sun, 2003-10-19 at 22:22, James Sparenberg wrote: > On Sun, 2003-10-19 at 22:13, Eric Huff wrote: > > > > But why is the OS running attachments in an email w/o the user > > > > saying so? > > > > > > Mozilla, Edit > Preferences > Advanced > Scripts and Plugins, > > > she's probably got them enabled for mail and news reader. If that > > > isn't enabled, then they shouldn't be able to do anything, but if > > > it is enabled then preview pane will be enough to launch Bad > > > Things(TM).-- > > > > I see. That sucks. Remember when "You can't get a virus by reading > > email" was still true. <sigh> > > yeah... just now... no... wait I'm on Linux... yeah.. the theme fooled > me for a second. *grin* > > James
actually, I got into a half-hearted argument with one of the Evolution developers one time because he admitted that Evo blindly trusts MIME types and passes them to the handler. I argued that a crafted jpg could overflow eog or ee or whatever and run stuff, he responded that it was really unlikely, I responded so was the SSH-CRC attack until it happened, we ended up agreeing to disagree. Basically, Linux is a more secure desktop, but it is still going to be possible in the future for malicious code to smack your ~. -- Jack Coates Monkeynoodle: A Scientific Venture...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
