It will ask you every time is the way the majority are set. IF you store them in IE, which most people do eventually or they use the same password for everything then they are vulnerable to the exploit.
The original discussion concerned how an individual who never clicked on any spoof emails lost his account. There are not many more options. And all of the "just don't click on it" or "just don't open it" advice is an incomplete story and misleading to the computer challenged. Storing passwords or login info in IE and using Outlook or Outlook Express is an outstanding way to have your passwords out on the street, without your knowledge. It is an old routine but it still works. Use any other email program and the risk level goes way down. You should also be aware that OE used to start in the background with IE. I have no idea if it still does with the latest fixes. One of the first things I killed in XP was OE. And it was not a trivial task. On Wed, 24 Oct 2007 18:41:17 -0700, Daniel Melvin wrote: >The default does not store passwords. You have to allow IE to store >passwords. >----- Original Message ----- >From: "Rich" <[email protected]> >To: "Antique Phonograph List" <[email protected]> >Sent: Wednesday, October 24, 2007 5:13 PM >Subject: Re: [Phono-L] Record Price for Edison Army-Navy?? >>I would be more than willing to debate that with you. The password and >>username is stored by IE if >> you allow it to do so, this is more than the cookie that is set when you >> check remember me. The MS >> email programs will run several different programs if you allow then to be >> previewed, you do not have >> to do anything. They will also execute any scripts imbedded in the HTML >> if you preview any HTML >> message. Your information is correct but somewhat out of date. The >> people who are getting burned >> now are the people running a stock system that has not been modified for >> secuity, they are still using >> the default settings. >> >> >> On Wed, 24 Oct 2007 16:50:00 -0700, Daniel Melvin wrote: >> >>>The previous post wasn't completely accurate, but there was some good >>>advise. Change settings on any email reader to not show the content of the >>>email unless you open it. All the issues mentioned below go away. Also, if >>>you use Automatic Update with any operating system you have the likelyhood >>>of such issues go way down as well. Caution is the the key. Don't open or >>>respond to emails from anyone you don't know. Don't click on links in >>>emails >>>you don't trust. It's fairly simple. >> >>>Also, the ebay password is not on your computer in a cookie unless you say >>>remember me on this computer. Something I never do on any computer for any >>>password. That again is not unique to windows. The password is stored on >>>your computer by the web page when you click on the remember me on this >>>system part of the login page. >> >>>Dan >>>----- Original Message ----- >>>From: "Rich" <[email protected]> >>>To: "Antique Phonograph List" <[email protected]> >>>Sent: Wednesday, October 24, 2007 2:53 PM >>>Subject: Re: [Phono-L] Record Price for Edison Army-Navy?? >> >> >>>> If using Windows and either Microsoft email programs, Outlook or Outlook >>>> Express, you need to be aware >>>> that Internet Explorer stores login information. The email program will >>>> run a script if you open or view, >>>> an email. The script will go extract your login info and ship it off >>>> through the internet. see the linkage >>>> of the email and the browser? That is the hole. The script in question >>>> is usually a .vbs routine >>>> embedded in an HTML formatted email. Outlook / Outlook Express run the >>>> ,vbs by default, you can turn >>>> this "feature" off. Also turn off displaying HTML emails. >>>> >>>> This is how you loose your ID and Password and never filled in anything. >>>> >>>> >>>> On Wed, 24 Oct 2007 14:48:20 EDT, [email protected] wrote: >>>> >>>>>Bruce, I had my eBay identity AND password hijacked recently and >>>>>someone >>>>>used it to put a bunch of Mercedes, Jaguars and Rovers up on eBay for >>>>>sale by >>>>>......me! I still haven't figured out how they would benefit from >>>>>this. >>>>>But >>>>>I was told by eBay that you don't even have to click on the links given >>>>>on >>>>>the phishing site for them to find your password. You just have to >>>>>OPEN >>>>>a >>>>>phishing email for them to gain that information. I certainly don't >>>>>understand >>>>>how they can do that. I'm opening fewer emails now! >>>>>---Art Heller >>>> >>>> >>>> >>>> _______________________________________________ >>>> Phono-L mailing list >>>> http://phono-l.oldcrank.org >> >>>_______________________________________________ >>>Phono-L mailing list >>>http://phono-l.oldcrank.org >> >> >> >> >> _______________________________________________ >> Phono-L mailing list >> http://phono-l.oldcrank.org >_______________________________________________ >Phono-L mailing list >http://phono-l.oldcrank.org
