email security

It used to be (I think) that opening an e-mail was safe as
long as you didn't open attached files.

Now I'm hearing people can use code to get into your
system which is unseen and contained in the body of the e-
mail and simply opening this e-mail to read it can unleash
this code.

What I'd like to know is if you are at risk simply by
opening an e-mail that has no file attached to it. And
what can I do to prevent this, short of not opening e-
mails?

YK
Mon Jun 30 03:39:38 CDT 2003

ve wrote:
> It used to be (I think) that opening an e-mail was safe as
> long as you didn't open attached files.
>
> Now I'm hearing people can use code to get into your
> system which is unseen and contained in the body of the e-
> mail and simply opening this e-mail to read it can unleash
> this code.
>
> What I'd like to know is if you are at risk simply by
> opening an e-mail that has no file attached to it. And
> what can I do to prevent this, short of not opening e-
> mails?

If you use the Preview pane and are on-line then this is true.
A few things you can do are:
1. Turn off the Preview pane.
In OE go to View >> Layout >> uncheck Show preview pane.
2. Read messages in plain text.
Go to Tools >> Options >> Read >> Read all messages in plain text.
Note: Spammers use HTML tricks to verify that you opened their spam so
reading in plain text renders their trick invalid.
3. As soon as message headers are downloaded, double click on Working
Online to go into off-line mode.
4. Double click on the message to read it.
5. Also, have an up to date anti virus application running.
6. Get an e-mail preview application like Mailwasher that will clasify the
suspicious e-mail and allow you to delete it on the server without
downloading it.

James
Mon Jun 30 12:48:50 CDT 2003

Is this true of posts on ng's also?
YK <YKnot@home.invalid> wrote in message
news:#PurnMuPDHA.1748@TK2MSFTNGP11.phx.gbl...
> ve wrote:
> > It used to be (I think) that opening an e-mail was safe as
> > long as you didn't open attached files.
> >
> > Now I'm hearing people can use code to get into your
> > system which is unseen and contained in the body of the e-
> > mail and simply opening this e-mail to read it can unleash
> > this code.
> >
> > What I'd like to know is if you are at risk simply by
> > opening an e-mail that has no file attached to it. And
> > what can I do to prevent this, short of not opening e-
> > mails?
>
> If you use the Preview pane and are on-line then this is true.
> A few things you can do are:
> 1. Turn off the Preview pane.
> In OE go to View >> Layout >> uncheck Show preview pane.
> 2. Read messages in plain text.
> Go to Tools >> Options >> Read >> Read all messages in plain text.
> Note: Spammers use HTML tricks to verify that you opened their spam so
> reading in plain text renders their trick invalid.
> 3. As soon as message headers are downloaded, double click on Working
> Online to go into off-line mode.
> 4. Double click on the message to read it.
> 5. Also, have an up to date anti virus application running.
> 6. Get an e-mail preview application like Mailwasher that will clasify
the
> suspicious e-mail and allow you to delete it on the server without
> downloading it.
>

YK
Mon Jun 30 13:20:33 CDT 2003

James D. Jordan wrote:
> Is this true of posts on ng's also?

No. Most newsgroups limit posting to text. I have never YET seen any
malware redirects in newsgroups.

> YK wrote
>> ve wrote:
>>> It used to be (I think) that opening an e-mail was safe as
>>> long as you didn't open attached files.
>>>
>>> Now I'm hearing people can use code to get into your
>>> system which is unseen and contained in the body of the e-
>>> mail and simply opening this e-mail to read it can unleash
>>> this code.
>>>
>>> What I'd like to know is if you are at risk simply by
>>> opening an e-mail that has no file attached to it. And
>>> what can I do to prevent this, short of not opening e-
>>> mails?
>>
>> If you use the Preview pane and are on-line then this is true.
>> A few things you can do are:
>> 1. Turn off the Preview pane.
>> In OE go to View >> Layout >> uncheck Show preview pane.
>> 2. Read messages in plain text.
>> Go to Tools >> Options >> Read >> Read all messages in plain
>> text. Note: Spammers use HTML tricks to verify that you opened
>> their spam so reading in plain text renders their trick invalid.
>> 3. As soon as message headers are downloaded, double click on
>> Working Online to go into off-line mode.
>> 4. Double click on the message to read it.
>> 5. Also, have an up to date anti virus application running.
>> 6. Get an e-mail preview application like Mailwasher that will
>> clasify the suspicious e-mail and allow you to delete it on the
>> server without downloading it.

|{evin
Mon Jun 30 21:29:34 CDT 2003

On Mon, 30 Jun 2003 14:20:33 -0400, "YK" <YKnot@home.invalid> wrote:

>James D. Jordan wrote:
>> Is this true of posts on ng's also?
>
>No. Most newsgroups limit posting to text. I have never YET seen any
>malware redirects in newsgroups.
>
Actually, scripts can be embedded in HTML posted to newsgroups. If
your newsreader is set to read in HTML you can be nailed just as
easily.

S
Tue Jul 01 05:54:25 CDT 2003

Therefore the solution for both e-mail and news problem will be disabling
scripting for everything not explicitely trusted... or just everything for
starters.

--
Svyatoslav Pidgorny, MS MVP, MCSE
-= F1 is the key =-

"|{evin" <You@dont.need> wrote in message
news:gls1gvgv6do0v35piueealcse4hio4fib5@4ax.com...
>
> Actually, scripts can be embedded in HTML posted to newsgroups. If
> your newsreader is set to read in HTML you can be nailed just as
> easily.
>

|{evin
Wed Jul 02 01:13:56 CDT 2003

On Tue, 1 Jul 2003 20:54:25 +1000, "S. Pidgorny [MVP]"
<slavickp@yahoo.com> wrote:

>Therefore the solution for both e-mail and news problem will be disabling
>scripting for everything not explicitely trusted... or just everything for
>starters.

Amen to that!