[svlug] Virus FUD

Walter Reed walt at hubinternet.com
Tue May 9 12:38:15 PDT 2000


Close. When you have active scripting INSIDE the HTML mail, there is no 
attachment. It's part of the HTML.

Check out: http://news.cnet.com/news/0-1003-200-1823347.html

I still think there should be some class action lawsuit against MS for
knowing about this problem, and yet defending it as a feature.

What's the difference between this and the Tabacco industry claiming for
years that Cigs did not cause health problems, then deciding that it was
the users own fault for ignoring the warnings on the package?

MS should be required to:
 * Change the default settings in Outlook to be more secure
 * Compensate users / businesses that were damaged as a result of MS's
 negligence.

If the Tabacco industry is not protected by the warnings on Cig packs,
why should MS be protected by their shrink wrap license? I think the 
precident has already been set.

On Tue, May 09, 2000 at 10:09:27AM -0700, Marc Merlin wrote:
> On mar, mai 09, 2000 at 08:08:07 -0700, Walter Reed wrote:
> > In the three pane view of outlook, you don't actually have to "open" it,
> > just scroll over it and you are toast. This is the view that shows the
> > email in the lower window and the subject / author in the upper window.
> > As you scroll through the messages, each message is opened, and any nasty
> > javascript or (h)activex script is executed. This has already been proven.
> 
> Wait a minute,
> Are you saying that the mere fact of viewing the Email runs the attachment?
> How about the user who says "I saw the subject and I deleted the message
> without opening it". Is that possible?
> 
> Forgive me for those questions, I am completely clueless about outlook
> 
> Marc
> -- 
> Microsoft is to software what McDonalds is to gourmet cooking
>  
> Home page: http://marc.merlins.org/ (friendly to non IE browsers)
> Finger marc_f at merlins.org for PGP key and other contact information





More information about the svlug mailing list