Email Security Problems
|
|
|
Email Bug
|
|
"Good Times" Virus
|
|
Cult of Dead Cow
|
|
Please Check This Posting Again.
|
|
Related Links
|
|
When Legends Get Teeth --
Email Bug-- Dangerous?
"Once upon a time there was a hoax called the Good Times virus. Today, the danger is actually present."
Edited by Dr. Raj Mehta
Details supplied by Bruce Gingery, bgingery@gtcs.com
(Comment: Most computer users, especially in India, are not very particular about computer security related issues. With Internet coming to India, about three years ago, people are excited about using it. Of course E-mail is most prevalent use of the Internet. Until last week, one did not think that dangerous viruses can be transmitted by E-mail. Researchers from Finland, have discovered a fatal flaw with with most popular E-mail software e.g. Outlook Express, Outlook Express98, Netscape's Messenger and Eudora (ver 4.0 and up), which can allow a hacker to transmit very dangerous viruses which can erase your hard disk or even damage the motherboard. If you are using any of these E-mail programs, you better download a FIX for it from the web site of the software developer.
For some time, ever since problems related to MS-Word, Excel and Power Point surfaced, Bruce Gingrey, who is expert on security issues, has been predicting problems with OLE based E-mail software. Now this has come to pass.
Computer security is like security of your household-- unless you take very definite measures towards it, you leave yourself open to an assault.)
For years, the hoax best known as the ``Good Times'' virus has been
debunked as ``can't happen'' by all but the most careful security
advisors. (For over two years, now, I've been predicting a change in
that, and QUALIFYING such a response).
While the ``Good Times'' may still be a net legend, the security in OLE
based E-Mail software is so lax, according to reports today, that the
pervasiveness today could rival the true but legendary ``Internet
Worm'' of decades ago, which shut down the then-new Internet.
The abbreviated wisdom USED to say "No, there is no way to get infected
with a virus or trojan in an E-Mail message". Well, last week this has changed. Read On.
IF you are using Microsoft OLE-based or similar E-Mail, such as Internet
Explorer, or Outlook Express on Windows 3.1, Windows95, Windows98, or
WindowsNT or even on Solaris, your are succeptible. If you are using
Netscape on one of the MS-Windows platforms, you also are vulnerable.
Check out the story from San Jose Mercury of Silicon Valley, http://www.mercurycenter.com/business/tech/docs/security072898.htm
It was reported by news.com as well
http://www.news.com/News/Item/0,4,24668,00.html.
Or check the collection of stories from www.news.com http://www.news.com/News/Item/0,4,24675,00.html?st.ne.fd.gif.j
Exactly which E-Mail programs are affected on Windows is not yet known,
as there are many which have not yet been ruled out, even though the
above are known to have the fatal flaw.
How dangerous is it?
Well, if you think that the possibility of wiping out your hard drive
or even destroying your PC's motherboard as reported for the CIH virus
is dangerous, consider that this problem is inherent in the underlying
software designs. Virus checkers are not effective against this
security hole. Firewalls are not effective against this security hole.
How can I know?
For starters, check the warnings on the net in todays news, or on
security postings such as:
Microsoft's sercurity posting and
Netscape's website
Or look through the headers of a message you have mailed to yourself
which displays something similar to:
X-Mailer: Mozilla .... (Win95;I) or
X-Mailer: Microsoft Internet Mail or
X-Mailer: Microsoft Outlook Express
or look for similar names in a Help->About menu option to be sure that
you ARE vulnerable. It is not known, yet, whether or not the extremely
popular ``Eudora'' software is vulnerable, nor if AOL's popular mail
software is affected.
The abbreviated wisdom USED to say "No, there is no way to get infected
with a virus or trojan in an E-Mail message".
For E-Mail software which does not automatically invoke Active-X or OLE
or similar outside functions, that is still true. Unfortunately, the
features in some of the worlds now most prevalent E-Mail software has
again exceeded its security planning.
Please Check Again for More Details
|