nanog mailing list archives

Previous By Date Next
Previous By Thread Next

product liability (was: Virus Update)

From: William Allen Simpson <wsimpson () greendragon com>
Date: Tue, 09 May 2000 10:56:33 -0400

Apparently, this is just another example where M$ ignored reports of 
the security vulnerability for years, and now everyone else has to pay.
Lloyd's of London is estimating the cost at $8,000,000,000 and rising.

There's a report of another security hole that Netscape fixed years ago, 
but still exists in Outlook:
  http://news.cnet.com/news/0-1005-200-1820959.html

Are any of our bigger ISPs willing to initiate a class action to recover 
the costs?

Dean Robb wrote:


At 06:56 PM 5/4/00 -0400, David Charlap wrote:


One of them (I think Outlook) can also auto-launch attachments when the
message is selected (and displayed in the preview window) and not even
opened.  This is a _BIG_ security hole that Microsoft has not fixed,
despite other virusses (like Melissa) which have already taken advantage
of it.



There are instructions for disabling ActiveScripting in Outlook on the MS
website.  It's enabled by default. That'll stop the attachements from being
auto-executed.  Remember, according to their TV ads, MS exists to help the
consumer!



WSimpson () UMich edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
Previous By Date Next
Previous By Thread Next

Current thread: