On Fri, 6 Feb 2004 15:09:33 +0000, Mat Harris <[EMAIL PROTECTED]> wrote: >On Fri, Feb 06, 2004 at 10:09:11 -0500, Fred wrote: >> One small step in the right direction, >> >> Microsoft changes functionality of Internet Explorer to display "Invalid >> Syntax" when using user:[EMAIL PROTECTED] in a URL. >> >> The latest security update for Feb (4)? causes these types of URLs to break. >> This means the fix has a great side effect. The spammers and phishers who >> always try to mask their identity with a stupid flaw like this WILL FAIL. >> This will eventually cause anyone who updated to not be able to view spam >> sites with these types of URL's. Urge Windows users to upgrade now! >> >> This is good news! > >ya, unless your the admin for many legitimte sites that use that syntax. > >a huge rewrite will be on some peoples cards now :(
Better yet, have your users that are fans of HTML email switch to reading their email in plain text as, believe it or not, MS now recommends. From http://www.microsoft.com/technet/security/bulletin/MS04-004.asp, "Workarounds [...] If you are using Outlook 2002 or Outlook Express 6.0 SP1 or later, read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector Microsoft Outlook 2002 users who have applied Service Pack 1 or later and Outlook Express 6.0 users who have applied Service Pack 1 or later can enable a feature that will enable them to view all non-digitally-signed e-mail messages or non-encrypted e-mail messages in plain text only." Alan Baxter P.S. It's ironic that the originator of this thread is sending HTML email. -- Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html
