On 8/1/07 1:01 AM, Harold Fuchs wrote:
On 01/08/07, Larry Gusaas <[EMAIL PROTECTED]> wrote:
On 7/31/07 6:20 PM, Harold Fuchs wrote:
On 31/07/07, Larry Gusaas <[EMAIL PROTECTED]> wrote:
On 7/31/07 4:22 PM, Harold Fuchs wrote:
I only see the headers in the Inbox. That's because I turn off the
Preview Pane; the Preview Pane is highly insecure anyway, so turning
it off is always a good idea.
Please explain what is insecure about the Preview Pane. I assume you are
referring to Thunderbird. I know of no insecurities with it.
The Preview Pane *opens* the message. Opening a message can trigger certain
forms of attack attack. It used to be extremely common, especially on Windows.
Most of those vulnerabilities have been fixed over the years but I still don't
trust it.
That was a problem with M$ Outlook and Outlook Express in the past. It
is not a problem in Thunderbird. Please do not spread misinformation.
Thunderbird may well be safe in this regard but
http://www.cybertopcops.com/tips_tricks.php#preview_pane suggests otherwise.
That site gives no reasons for its suggestion. mozillaZine says this:
http://kb.mozillazine.org/Thunderbird_:_FAQs_:_Viewing_Headers
*Note: * There are normally no security issues when you read a
message in Thunderbird. It is not normally possible for hostile code
to attack your computer just because you read a message. But if you
open an attachment, then Thunderbird passes the attachment to your
operating system or to some other application. Your operating system
or the other application might allow the attachment to attack your
computer.
I asked on the Thunderbird support group and received this response:
There is "some" validity to that. However, with Javascript disabled,
remote images disabled and the view message body selected to plain text,
there is no problem with opening ANY messages. Attachments can be a
different story IF the user downloads AND executes the attached file.
Simply opening a message containing an attachement is no cause for alarm
as it requires further deliberate action of the user.
I don't remember, but I think that Javascript is disabled by default
in TB.
I checked and Javascript is disabled by default in TB 2.xx. I don't know
about TB 1.5.xx which you are using. I woud suggest updating to the
latest version of TB 2.xx
In conclusion, your statement "the Preview Pane is highly insecure" is
unfounded.
--
Larry I. Gusaas
Moose Jaw, Saskatchewan
Website: http://larry-gusaas.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
