North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

product liability (was: Virus Update)

  • From: William Allen Simpson
  • Date: Tue May 09 10:59:29 2000

Apparently, this is just another example where M$ ignored reports of 
the security vulnerability for years, and now everyone else has to pay.
Lloyd's of London is estimating the cost at $8,000,000,000 and rising.

There's a report of another security hole that Netscape fixed years ago, 
but still exists in Outlook:

Are any of our bigger ISPs willing to initiate a class action to recover 
the costs?

Dean Robb wrote:
> At 06:56 PM 5/4/00 -0400, David Charlap wrote:
> >
> >One of them (I think Outlook) can also auto-launch attachments when the
> >message is selected (and displayed in the preview window) and not even
> >opened.  This is a _BIG_ security hole that Microsoft has not fixed,
> >despite other virusses (like Melissa) which have already taken advantage
> >of it.
> >
> There are instructions for disabling ActiveScripting in Outlook on the MS
> website.  It's enabled by default. That'll stop the attachements from being
> auto-executed.  Remember, according to their TV ads, MS exists to help the
> consumer!

[email protected]
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32