lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <010c01c340f4$921ba8f0$550ffea9__27998.9179144197$1057340224@rms>
Date: Wed, 2 Jul 2003 20:03:16 -0400
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...URITYFOCUS.COM>
Subject: Email marketing company gives out questionable security advice


Hi,
 
Last week, I received an unsolicited email message from Mobil Travel
Guide about their new online service.  In the message, I was encouraged
to turn back on ActiveX and scripting in Outlook in order to view a
Flash movie embedded in the message.  Needless to say, I thought this
was a terrible idea.  Instead, I wrote the company who created the ad,
Digital Produce (http://www.digitalproduce.com), saying they were giving
out bad security advice and they should stop doing this sort of thing
in future mailings.  

I got a reply from the company this week basically saying that they
agree with my concern, but not my solution.  Instead they decided to put
a little security warning on their "real media fix" page.  This fixer
page can be found here on their Web site:

   http://www.digitalproduce.com/site_resources/pdfs/outlookfix/

I think the warning message is pretty lame and misleading.  Microsoft
released the Outlook Security Update a few years back because anti-virus
software wasn't stopping email worms.  Turning back on ActiveX and
scripting only encourages the virus writers.

(As an aside, the Xbox division of Microsoft is also a customer of
Digital Produce.  I wonder if any Xbox ads gave out this same bad
security advice?)

OTOH, it's not too hard too understand where Digital Produce is coming
from.  According to a recent article in Internet News, only about 30% of
email users can view rich media email.  This percentage is declining as
people upgrade Outlook and Outlook Express to newer versions with better
security features.  It's pretty obvious that Flash-enabled email is a
dying market.

Along these same lines, images in HTML email messages will be the next
thing to go.  The upcoming versions of Outlook and the AOL 9.0 email
reader will no longer show images in HTML email messages by default.
Hotmail offers this same feature as an option today.  This feature is
intend to make email more kid-friendly by blocking porno pictures in
incoming spam messages.  It also stops spammers for snooping on people
using Web bugs.

It will be interesting to see how email marketing companies and
spammers adapt to these technical changes in HTML email.

Richard M. Smith
http://www.ComputerBytesMan.com
  



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ