Yes, there are several unpatched holes in IE. Most, if not all, of the ones I've heard of affect default installations, or at least ones where certain holes are left open. While I don't use IE as my browser, I still use OE for e-mail, mainly because I have 6 years history of sent e-mail there. It also has some features to handle multiple accounts that Mozilla does not have and Eudora does not seem to have (I couldn't find them).
What defense I have as an OE user is to disable just about everything for incoming e-mail: no script, no Java, no ActiveX, no IFRAME, etc. Scott Nichol ----- Original Message ----- From: "Tom Myers" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, December 06, 2002 10:16 AM Subject: Re: Ed King? > Scott Nichol wrote: > > > I do use Linux, but not for e-mail. When properly configured, no > > executable content can run from e-mail in Outlook Express, at least > > until someone finds the next security hole in it ;-). > > Since I use IE/Win for SOAP development (xmlhttp), I do worry about the > unpatched security holes in IE, e.g. > http://www.pivx.com/larholm/unpatched/ > and consider them SOAP-relevant, at least for me. Outlook Express is > less SOAP-relevant, of course, but I thought it used IE as html > viewer and was therefore vulnerable to most if not all of the IE > attacks, just as Eudora is if you use the "Microsoft Viewer"; e.g. > http://security.greymagic.com/adv/gm002-ie/ > still listed as "unpatched" by Larholm as of yesterday. Is this > false? If so, I would appreciate the correction; I tell clients and > friends to avoid Outlook Express except on Macs, but it isn't a > religious issue. > > (Yes, I know we're straying from SOAP, and won't continue the > "Ed King?" thread further even to speculate that this atypical > behavior for the virus amounted to a DoS attack by an evil > Windows machine on an open-source list. no no no, it wasn't me > saying that, it was the other > > Tom Myers) > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
