4 Dec
2002
4 Dec
'02
1:17 a.m.
I use Pegasus as my mailer, but it is entered as the email program
in the program defaults. How likely is it that this could be exploited
by programs that usually attack Outlook.
Lawrence
On Tue, 3 Dec 2002, Jeffrey Sharp wrote:
Many web browsers include e-mail clients which use the information for
the sender address. My preference is to use never use browsers that do
more than browse, or at least to enter bogus information for mail
address.
Now... if you're using IE, I'd not be surprised if it already has access
to your e-mail details from Outlook. Given how trivial it is for virus
writers to exploit the security weaknesses in both IE and in Outlook--in
particular to pillage the Outlook addressbook for the purpose of
self-propogation--it would be just as easy for clever spammers to use
those same weaknesses to harvest e-mail addresses.
What's depressing is that you don't even have to run Outlook to be a
victim; you only need to know someone who has your address in their
Outlook addressbook.
Spam doesn't bother me too much, as I've the righteous tools of Unix,
pine, procmail, and access to a variety of freely available Bayesian
inspired spam filtering tools on my side. :-)
-brian.
lgwalker(a)mts.net
bigwalk_ca(a)yahoo.com
On Tuesday, December 3, 2002, John Allain wrote:
It IS
true that www cgi's (and prob. asp's) can get your eMail from
a page hit, so changing that in your browser is probably an
important first step.
However, some browsers (e.g. IE) don't ask you for an email address.
Therefore I think it is unlikely that they can transmit that
information.
And, really, why does a WWW browser need to know that in the first
place?