-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Something I wrote earlier...
- ---
I found this today on Excite
(http://news.excite.com/news/r/991109/15/net-tech-virus). Another
virus is born...
And yet again, Network Associates seizes the opportunity to make a
spectacular announcement. <quote> "Historically, as long as you don't
open e-mail attachments you're safe from virus infection, but this
changes all that," said Sal Viveros, a marketing manager at Network
Associates. "We've finally come to the point where if you're using
e-mail, specifically (Microsoft Corp.'s) Outlook, you need to have
some sort of virus protection or you shouldn't read e-mail." </quote>
NAI either doesn't get it, or shamelessly exploits this virus as yet
another marketing ploy (Remember the furor about Explorer?).
It is common knowledge (and if not, it should be) that previewing an
email in the Preview Pane has the same effect as opening the email in
another window. It simply doesn't matter where the email is
displayed. As long as Outlook is configured to 'show' (either Preview
Pane or new window) HTML emails, malicious code can be executed.
At this time a reminder to:
1) Configure your Restricted Zone under the Security Section of
Internet Explorer (Tools->Internet Options->Security->Restricted
Sites->Custom Level) to not allow ActiveX, Java, etc. Basically,
disable everything.
2) Set the email zone in Outlook to Restricted
Sites(Tools->Options->Security->Secure Content). [Sorry, don't have
Outlook Express handy, but there should be a similar setting]
Again, I don't see this virus as something new and sensational. I
have not studied it and I may be wrong. But my hunch tells me it's
just another Melissa, nothing more. I just has been presented as a
<quote> believe to be the first e-mail-borne computer infection that
doesn't require a user to open an e-mail or e-mail attachment for it
to wreak havoc way in the media.</quote>
IMHO, baloney...
Regards,
Frank
> -----Original Message-----
> From: Amergin [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 09, 1999 8:32 PM
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: bubbleboy (fwd)
>
>
> Now if M$ doesn't have a patch already available I'll be pissed. I
> was told a year and a half ago by a M$ employee that they had
> already found this bug. He told me that they knew it could be done
> but they were counting on no one else discovering it.
>
> Security through obscurity, works quite well as we can see.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBOCmCiURKym0LjhFcEQKO/wCeIlET+gLcg+z+oUhGhxSQBOa8YCwAoLwC
/PVZmMqa4rNmwH7YczGwrrii
=DL8L
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
