That's ok, I do not participate in flamewars.
My information does not come from the media, but
rather from a more reliable source (bugtraq, MS
security bulletins - man, why does MS never include
some exploit code so we can see how it works :).
About the preview pane: An oversight on my side. However,
I suppose most people use it, so you're as good as dead
the minute you got the email. I'm not sure I want ActiveX
support inside my email client - why does it need it in
the first place? Reusable components inside email? Fah.
It may be have it's uses, but the potential for destruction
is huge. The fact those are IE problems are
even worse, btw :) Why do they have to integrate it all
together, just grep some bugtraq/ntbugtraq archives for
activex/IE/outlook and prepare for a very long read.
Just for fun:
http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-08-8&[EMAIL PROTECTED]
It's a MS security bulletin about a bug in OL, caused by
attachements with long filenames. No need to open/view the
email - just download it. But it's funny to see how they
downplay an overflow - treating it as if it just means that
Outlook "may" (ahem) crash. Sheesh, an overflow like this
basicly means you're rooted (or administratored, in this case).
No limits on characters, it just all flows into the
friendly registers.
Again, I'm only pointing out that OL has some severe flows,
as well as some advantages. What bothers me the most, however,
is how many of them there are. It's just amazing.
Good luck with your sslmail though. Oh BTW...Ignore
the oddly-named long-named attachment I have attached
to this mail message. It does, um, nothing. For now.
Aviram Jenik wrote:
> Thanks.
>
> Just to set the record straight, the recent OL bugs are not outlook
> problems, but rather IE problems. And the exploit didn't happen
> before you opened the message (I would really like to see this
> happen..) - it was a typical media overblow. When you watched the
> message **in the preview pane** the exploit happened (last time I
> heard, preview pane opens the message in both Netscape and IE) the
> stupid CNet/ZDNet people decided it's totally different from opening
> the actual message, and this stupid misunderstanding became a fact.
> Also, the exploit involved the ActiveX capabilities of Outlook and
> outlook's integration with IE... Those are not outlook/IE specific,
> but rather a general ActiveX problem (if Netscape had a decent
> ActiveX support the same flaws would have affected it as well).
>
> Man, don't take offence ;-) you were helpful. Thanks. (I hate
> starting a flame war with someone who just pointed me in the right
> direction)
>
> - -------------------------
> Aviram Jenik
>
> "Addicted to Chaos"
>
> - -------------------------
> Today's quote:
> Let us begin by committing ourselves to the truth -
> to see it like it is, and tell it like it is -
> to find the truth, to speak the truth, and live the truth.
> - Richard Nixon. accepting the Presidential
> Nomination, 1968
>
> - ----- Original Message -----
> From: "Omer" <[EMAIL PROTECTED]>
> To: "Aviram Jenik" <[EMAIL PROTECTED]>
> Cc: "linux ILUG" <[EMAIL PROTECTED]>
> Sent: Tuesday, December 07, 1999 7:44 PM
> Subject: Re: SSLPop
>
> >
> > I don't like Outlook very much (even with the rules wizard it
> > lacks decent filtering capabilities, but I guess you can do
> > server-side processing if you need it. procmail is good),
> > but it supports POP over SSL, as well as IMAP over SSL.
> > And it does have the advantage of not dying when it has a large
> > information store (mine is 270MB, NS Messenger often likes
> > to choke when you have above 10,000 messages or so - but I still
> > use it at home :). Of course, one must never forget the recent
> > fiasco with several OL security holes (geez, you get an email - you
> > don't even open it, and WHAM! activex and whatnot is all over you).
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.1i for non-commercial use <http://www.pgpi.com/>
>
> iQEVAwUBOE0xjbmXn7wmP4ZzAQHCDwgAgxlzgwOPg0C+1xRYTCoFJPpibeEz3AJ/
> gxXUAxk8jrApJZ3n0IzsYz+1GT7vcng3bqKWCmJ+H7HNbdNo6xofE2J2TnKXWwP+
> QrWoiq7us+9RiDkGLVO+1UmiFOT37VmtjeZOUp5IC+aZfVEvc1+njYrMzFtXMkly
> N2Jer4/liecKby/eVlikuJ4b+ybSa27k2Rinwms2xGqxKpS4Ge6uQdwhiZvQzr7R
> 5bIy63yHCvohbvnzA4+ByWT6GBPem7b2DMsI6BrBw+hnMdauDIy7wmpgTIle3viT
> sni1hFpG5CfuaS8524chlocdpP8f68H4/KDmKe3QRoBiOZLLaWvNfQ==
> =H/78
> -----END PGP SIGNATURE-----
--
/--------------- Omer Efraim, [EMAIL PROTECTED] ------------------\
[ Microsoft Vaccine 2000 is configuring your immune system. This may ]
[ take a few minutes. If your body stops responding for a long time and ]
[ there is no brain activity please die. Setup will continue after you ]
[ are reborn. ]
\-----------------------------------------------------------------------/
- Quoting Buzh, asr
S/MIME Cryptographic Signature
