Domain: ntadvice.com
Stories and comments across the archive that link to ntadvice.com.
Comments · 16
-
Re:Mod the college student down...
Be wary, if Russ Cooper has his way you will be fined for each "violation". Where violation means you were infected.
see this for more details -
Jockeying for position
From Cooper's page about this:
The organization responsible for providing ISPs with the accurate identification information (possibly TruSecure Corporation, or maybe the new US-CERT) would determine the point at which fines will be imposed.
There must be a strong smell of pork wafting out of the DHS, as first Symantec and now TruSecure try to outdo each other's arslikhan.
-
Re:As good of place as any...you can't turn off HTML rendering in Outlook.
Is this possibly useful to you?
-
An iteresting NTBugtraq post
-
this is trashThis "news" story is either flamebait or off topic.
Anyone who cares about this stuff should be subscribed to Microsoft's Security Notification Service or NTBugTraq. Unless Slashdot intends to start posting every single security advisory that gets published (utter nonsense), this sort of news story doesn't belong on Slashdot.
-
Re:maybe if we stop answering it...
And if you're condemned to use Outlook at your place of employment, and don't want to let the spammers know of your apparent interest in "Busty and Hung Transexual Bestiality Porn" or "Earning a Non-accredited University Degree in Offshore Internet Gambling and Investing" when Outlook dutifully loads their fingerprinted URL, you can get NoHTML which will strip the HTML from your messages before that happens.
-
Re:Outlook but not exchange?
How does that work, exactly?
Well, I'm not sure how it works. There are settings in OpenMail's configuration to force outgoing messages to plain text. I think it does something like this (but haven't really looked into it):
1. if message is going out RTF format, Outlook usually sends a plain text version and a body.rtf file, so OpenMail just kills the body.rtf piece.
2. if message is formatted HTML, I think Outlook does the same thing, so OpenMail just drops the html piece.
3. if it is just one piece, with no body.rtf attached, no msmail.dat attachment, and no other attachment...I don't know what it does. I guess I should check into that.
As for incoming mail, it does something similar...dropping body.rtf and msmail.dat or winmail or whatever that stupid attachment is Outlook likes to send with messages. If it's HTML only with no other piece, it may let it through...I haven't really tried that...hmm.
Alternatively, for outbound, I think there may be a setting to force Outlook to set its format to Plain Text every time it connects to OpenMail...again, I'll have to check into it.
For inbound, even if OpenMail doesn't handle the HTML translation well, I can always use NoHTML instead. -
Re:I would have agreed a week ago
I know its late in this thread, but you can nuke HTML support in outlook. Take a look at nohtml...
-
Check out NoHTML for OutlookYou should probably look into NoHTML by Russ Cooper of NTBugTraq.
"NoHTML.dll is an Outlook Add-in designed to convert HTML-based emails into harmless messages. It works slightly differently for Outlook 2000 than it does for Outlook 2002. Does not work with Outlook 98, or any version of Outlook Express."
Also a story about it here, http://www.theregister.co.uk/content/4/23223.html.
I've had it installed at work for a week now and do just fine without all the images and special formatting of spam. -
Re:Fixing the staff problem
Ya, ya... I'm scanning a box now because I had a shared drive that just popped up as being infected.
We use outlook - but mine was patched and I used the web client via mozilla to avoid the vbscript, IIS disabled and using something else for a local JSP/HTTP server. I thought I was being carefull, and I still got nailed by nimda anyhow...
Your drill only works for the first case. From there on out, it sends it to every one in the address book. I get a message from the CTO, rather than 1337hxrs@hotmail.com, that is a known source for me. Your lucky most email virus subjects lines are stupid too - unless the damn preview nails you anyhow. Ah, hell... even when I was practicing safe hex, the only thing left standing was my sunblade.
BTW, the preview problem can be fixed for those of us forced to use outlook... Check out nohtml. http://ntbugtraq.ntadvice.com/default.asp?sid=1&pi d=55&did=38 -
Re:Not on windowsupdateThis is why I subscribe to the Microsoft security notification service (http://www.microsoft.com/technet/security/notify
. asp), not to mention NTBugTraq (http://ntbugtraq.ntadvice.com/default.asp?pid=31& sid=1#020). As a sys admin (among other things), I've found these two lists damn useful. They give more information than the average user needs, but if you're tech-savvy, and interested about what's going on, they're useful lists to be on.Tom.
-
Not as bad as it might seem
I haven't yet seen a comment that points out a critical factor for this bug:
You need to use Outlook(Express) as your Internet mail client, and not in its "Corporate and Workgroup" mode.
This saves a lot of the hassle for office types running their own mail servers.
See the NTBUGTRAQ article for more details.
-
Yes ... there is.
I'm assuming that you're using the information gathered and delivered by Russ, of NTBugTraq. Well then, let me post this, which completely belies his statements. Judge for yourself.
-
Re:Russ Cooper says "NO VULNERABILITY"
Well, there was a reply to the above post on ntbugtraq by Gerardo Richarte who says that there is a security hole in the dll. The exploit code is included in the post.
-
Possible Good ThingI don't much buy the whole NSA thing. Bruce Schneier has made some great comments on sci.crypt regarding this, check them out. In any case, this article:
http://ntbugtraq.ntad vice.com/default.asp?sid=1&pid=47&aid=52
seems to shed some good light on the subject. This find may be a good thing, allowing people to insert domestic crypto CSPs in export copies of windoze. In any case, as bad as M$ is, I'd check this one out thoroughly before passing judgement.
-
When paranoia strikes...More than a few of the people posting on this thread could use a nice chill-pill.
http://ntbugtraq.ntad vice.com/default.asp?sid=1&pid=47&aid=52 has a very reasonable outsider's perspective of what this issue is about.
Furthermore, there seems to be some confusion between CSP's and providers of authentication on NT. Assuming the worst possible case (e.g., the NSA can break everything encrypted via CryptoAPI), this has nothing to do with someone subverting LSA or kerberos and logging onto your system and reading or modifying your files.
In other words, you should really only be concerned if you're using the CryptoAPI to encrypt sensitive stuff. If you don't trust the CryptoAPI, then you can always use something unrelated, like PGP. But if your paranoia level is that high, then maybe even PGP has "backdoors" that you're unaware of...