Note: The Rootsweb Mailing Lists will be shut down on April 6, 2023. (More info)
RootsWeb.com Mailing Lists
Home

Results for list 'eudora-mail'

Total: 1/1
    1. [EUDORA] Security Hole in EUDORA Email Browser!!!!! READ!!!!!
    2. EUDORA-MAIL & VIRUS-DISCUSSION Listowner

    3. There is an article on ZDNet, concerning a "security hole" in QualComm's Eudora Email Browser. Please log on and read it. QualComm says it will "fix" this security risk in the next update. http://www.zdnet.com/zdnn/stories/news/0,4586,2557027,00.html To fix the problem now, here are instructions: *************** QUALCOMM recommends that users edit their Eudora.ini file and add the following line: WarnLaunchExtensions=exe|com|bat|cmd|pif|htm|do|xl|reg|lnk to their "[Settings]" section. (The default is to warn for all of these extensions except the "lnk" one.) Qualcomm has said that the next version of Eudora will warn for .lnk files as well, by default. *************** If you use Eudora's "Tools/Options/Extra Warnings" and put a check mark in "Warn Me when I Launch a Program from a Message", the above line will be added to EUDORA.INI, but it will not include "lnk" at the end. That's why you need to either add the complete line (if you don't already have it), or to add the "|lnk" to the end of an existing line. (The "|" is made by holding down the Shift key and hitting the key for the "\" backslash.) If you don't have time to log on to ZDNet and read the article, here's the gist: *************** A researcher has discovered a security hole in Qualcomm Inc.'s (Nasdaq: QCOM) Eudora e-mail program that could allow a hacker to run code on a user's machine. The exploit requires that a user open an e-mail file and click on a link in the message (usually a blue color, and underlined; it may appear as an actual URL, or it may be simply something like "Click Here", or just clickable blue underlined text). When the user clicks the link, the code (attachment - virus, worm, etc.) is executed. The trick, explained below, is to mask the warning that Eudora normally displays when a user tries to run an executable file that is sent as an attachment. The hacker would send the user TWO attachments, the executable file and a hyperlink (.lnk) that points to the other attachment. If the user clicks on that (the hyperlink), the executable code will run without Eudora displaying the warnings. *************** I suspect that Eudora is not the only email browser that has this problem. I think we'll see shortly that other browsers are susceptible to the same problem. Leave it to the hackers to find new ways to screw around with us and corrupt our files and hard drives! I just wish they would get jobs and do something beneficial for humanity for a change. SgtGeorge Listowner

    05/03/2000 07:26:59