Stuart McLachlan
stuart at lexacorp.com.pg
Fri Dec 11 16:29:06 CST 2009
Here ya go - just what I was saying. Use a browser to render email and all sorts of nasty things can happen: http://www.theregister.co.uk/2009/12/11/thunderbird_threat/ On 12 Dec 2009 at 8:16, Stuart McLachlan wrote: > I'm talking about the attack which someone develops next week when they find yet another > security hole in IE. Until the exploit has infected a lot of people just like you, there won't be a > patch for it. Patches don't prevent new attacks, they just prevent old ones. > > As long as your email program uses a full blown web browser engine just to render the text > in an email, you are exposed to every new IE (or Firefox if you use Thunderbird for your > email program) exploit that comes along until they release a patch for it. > > Having the preview pane automatically render the HTML in an email is effectively the same > as clicking on a link and visiting a malicious website. > > -- > Stuart > > On 11 Dec 2009 at 16:53, Susan Harkins wrote: > > > =======Well, I'm not the expert, but I'm not sure I agree -- if the hole has > > been patched, what "next attack" are you talking about? Wouldn't any new > > attacks need a new, as yet, unpatched vulnerability? > > > > Susan H. > > > > _______________________________________________ > > dba-Tech mailing list > > dba-Tech at databaseadvisors.com > > http://databaseadvisors.com/mailman/listinfo/dba-tech > > Website: http://www.databaseadvisors.com > > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com