D&C Lug - Home Page
Devon & Cornwall Linux Users' Group


Re: [LUG] Sharp business practice in North Devon



Peter Hatton wrote:
> 
> Have a look at http://www.impsec.org/email-tools/procmail-security.html

Thanks Peter, will add to my list of interesting bits and pieces.

The problems with Outlook go much deeper than VBS. Certainly early
versions of OE5 do not even correctly honour the security settings for
the security zones in which you tell it to treat your mail (I saw
non-malicious exploitation of this against myself to the point where I just
went Netscape the next day - even though this version of Netscape has
similar problems I know it won't get wiped by the next big VIRUS just
through lack of popularity - and it'll probably only wipe out stuff
under $HOME).

It is merely a matter of time before another big virus wreaks havoc on
the OE crowd.

Interestingly Microsoft have just announced the security plan for .NET
and it basically looks like more of the same flawed thinking... Mainly
write less insecure software, rather than building on the 'sandbox' or
'secure channel' mentality of Java/NSA/selinux. However it was a press
event and I haven't seen enough technical details to say more at this
time.

That said my Linux box doesn't appear to have been rooted yet, but that
was only due to me shutting down unneeded services, and port filtering
carefully, and a lot of luck.

There will always be computer security risks, but I think OE has to join
sendmail, as a product that has been so badly architected and
compromised in the past that you don't use it for business use until it
has had a major rewrite and audit.


-- 
Want to learn about Linux? Get it installed?
Devon and Cornwall LUG Event for UK Linux Day 
Exeter University - Sunday April 29th 2001 10:00 to 17:00
www.linuxday.org.uk or join D&C LUG www.lug.termisoc.org
--
lug-list - The Mailing List for the Devon & Cornwall LUG
Mail majordomo at lists.termisoc.org with "unsubscribe lug-list" in the
message body to unsubscribe.

