Re: Microsoft Security Advisory (935423) Vulnerability in Window

Author	All Replies
Mele20 Premium join:2001-06-05 Hilo, HI	reply to NICK ADSL UK Re: Microsoft Security Advisory (935423) Vulnerability in Window Whoa! This is nasty! There is NO WAY to protect yourself if you use Outlook Express (even if you use IE7) and even Windows Vista Mail is somewhat vulnerable. From Microsoft Security Advisory (935423): "Caveat: Reading e-mail in plain text on Windows Vista Mail does not mitigate attempts to exploit the vulnerability when Forwarding and Replying to mail sent by an attacker. Note: Reading e-mail in plain text on Outlook Express does not mitigate attempts to exploit this vulnerability." I have always read all email in OE in Plain Text. That has been excellent protection until this. Alexander Sotirov from Determina recommends reading ALL MAIL with Telnet. That is sure going to be fun. -- "If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions" »www.msfirefox.com/
Mele20 Premium join:2001-06-05 Hilo, HI	to forum · permalink · · 2007-03-30 06:24:40 ·
AB Premium join:2006-04-04 Leesburg, VA	said by Mele20 : Whoa! This is nasty! There is NO WAY to protect yourself if you use Outlook Express (even if you use IE7) Don't use an animated cursor?
AB Premium join:2006-04-04 Leesburg, VA	to forum · permalink · · 2007-03-30 15:34:50 ·
EGeezer Go Bobcats Premium join:2002-08-04 Country! ·Callcentric ·RoadRunner Cable ·AT&T CallVantage	reply to Mele20 Microsoft has its priorities well placed ... said by Mele20 : I have always read my incoming email in OE in Plain Text. That has been excellent protection until this. Alexander Sotirov from Determina recommends reading ALL MAIL with Telnet. That is sure going to be fun. I use a really old version of Mailwasher (2.0.28 beta) to screen, preview and scrub junk while it's on my ISP's POP server. It's been quite effective and requires minimal effort. What really gripes me is that Microsoft has not issued a fix for this, but I just saw the second non-patch Tuesday WGA update notification. MS didn't wait for patch Tuesday to issue these "high priority updates". [sarcasm] But I'm sure that WGA updates must be a more meaningful priority for users than these insignificant little security holes. But at least I know if my systems become infected, they'll be using "genuine copies" of a vulnerable OS. [/sarcasm] -- 03:14:07 UTC Tuesday, Jan. 19, 2038 - a date that will live in infamy...
	to forum · permalink · · 2007-03-31 23:41:13 ·


Tuesday, 01-Dec 23:39:59	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF