Outlook is history WMP is new Target ... [Archive] - Antionline Forums

Click to See Complete Forum and Search --> : Outlook is history WMP is new Target ...

zigar

March 27th, 2002, 07:41 PM

They have discovered that the program allows malicious hackers to easily bypass Outlook's new security features, which block delivery of dangerous e-mailed attachments and turn off active scripting by default. A downloadable security update from Microsoft adds the same protections to Outlook 2000.
...
The experts say HTML-formatted e-mail containing code identified as a file that Media Player "trusts" can be embedded in an e-mail, which Outlook will then automatically allow the player to execute.
...
Users can turn off scripting in Outlook and Explorer, but scripting cannot be disabled in Media Player. The exploit will work with WMP versions 7 and 8, even if scripting is disabled in Outlook and Explorer.

http://www.wired.com/news/technology/0,1282,51361,00.html

oh goody...well....WMP is a bloated pile of crap anyway ...

freeOn

March 27th, 2002, 07:56 PM

So what there saying is that an html coded e-mail with a link to run a WMP file can be excuted. And if the media player is a default player on a system it doesn't need permission to run the file it will automatically execute and be opened. If someone put somthing in a file that media player trusts it could damage a machine tell me if I'm right or far off?

Vorlin

March 28th, 2002, 01:57 PM

freeOn, that's just about right...scary isn't it? Last time I checked, when you check a box to not allow scripting, that's what it should do, prevent scripting. Yet another reason why I use Opera and Winamp/Radlight for my audio/video/email needs. Screw MS. I stand by the statement that I'm glad I have everything on my machine registered and legit...except Windows because MS will never get money from me until they actually live up to just 50% of what their OS is supposed to do. Fsckers.

freeOn

March 28th, 2002, 01:59 PM

Damn that is so scary

Terr

March 28th, 2002, 11:10 PM

I think Microsoft is making most of it's money from the less computer-literate, who don't know the history of Microsoft making 'user friendly' things which totally destabilize the security of the computer... Let's make a list.

File Sharing on by default -- Some early versions
Scripting/Macros -- Duh
This current WMA thing
Internet Explorer. Enough said.
Outlook. Enough said.

cwk9

March 28th, 2002, 11:23 PM

If you going to use Outlook you might as well put up a sign that says "hack me".

Ouroboros

March 29th, 2002, 12:28 AM

Glad that I don't use either of them...I'm a 3rd party software maniac...Winamp, Irfanview, Quicktime...:)

Ouroboros