Cycling and bicycle discussion forums. 
   Click here to join our community Log in to access your Control Panel  


Go Back   > >

Foo Off-Topic chit chat with no general subject.

User Tag List

Reply
 
Thread Tools Search this Thread
Old 03-26-09, 12:54 PM   #1
keith3speed
enabler
Thread Starter
 
keith3speed's Avatar
 
Join Date: Jun 2008
Location: SEMichigan
Bikes: peugot 3 speed
Posts: 0
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Email question

we all know not to open email attachments from senders we dont know, but can anything bad happen just from opening a email without attachments? My wife just opened an email up without thinking and now she is in a panic. The text said "thanks for that, bye". I tried to reassure her that there was no attachment on this email and since she was running linux from a live CD nothing should be able to touch the hard drive anyway. How else can I assure her everything is ok? Anybody got any comments or email horror stories they want to share?
keith3speed is offline   Reply With Quote
Old 03-26-09, 12:56 PM   #2
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
Posts: 3,924
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Hopefully email systems are smart enough to prevent it now, but at one time even that could be dangerous because the email could be in HTML format and have some script embedded in the HTML. I know Outlook used to have a setting 'do not run scripts on HTML email' or something like that.
__________________
Quote:
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline   Reply With Quote
Old 03-26-09, 04:47 PM   #3
wmodavis
Bill
 
Join Date: May 2007
Location: HIGHLANDS RANCH, CO
Bikes: Specialized Globe Sport, Specialized Stumpjumper FSR Pro
Posts: 630
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
If you are running anti-virus software and anti-spyware software and have a good firewall installed, updated and properly setup you'll have some protection against those bad guys out there. That and vigilance on you and your wife's part are the best ways to counteract malware of any sort!
wmodavis is offline   Reply With Quote
Old 03-26-09, 07:45 PM   #4
iamlucky13
Footballus vita est
 
iamlucky13's Avatar
 
Join Date: Jun 2002
Location: Portland, OR
Bikes: Trek 4500, Kona Dawg
Posts: 2,118
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
She's fine. Plain text can't do anything. There could have been an invisible picture embedded in the email via HTML, which can be used by clever spammers to determine which email addresses are active, but that won't directly compromise your security.

Every now and then, some social reject figures out how to make an exploit that embeds a virus in a picture, but as far as I know, there's no unpatched exploits at the moment, especially not for linux.

As far as horror stories go: One of those jpeg-based exploits was discovered about two months ago in Internet Explorer. I just happened to need to use IE the day it was announced to visit a website that didn't support Firefox, and I hadn't gotten the news about the exploit. Since I already had IE up, I also used it to search for some random info that led me to a somewhat sketch site. I'm guessing an ad on that site was where the infection came from. I was only vulnerable for a couple of hours before I read the news and patched it, and I just happened to use the vulnerable program during that window. I've had the computer for about two years, and that was the first problem I'd had, even though most of the time I didn't even use anti-virus software.

I forget exactly what I got, but it was a pretty deep one. It did browser redirects (my first clue of the problem), key logging, pop-ups, and self-replication. I Ended up having to turn off system restore and run scans in safe mode to get rid of it. AVG got part of it, and Malwarebytes finished it off. Whatever it was, it was one of the better written bugs out there, even though it wasn't as prevalent as the big worms like Sasser and Blaster.
__________________
"The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad
iamlucky13 is offline   Reply With Quote
Old 03-26-09, 07:58 PM   #5
Caspar_s
Senior Member
 
Caspar_s's Avatar
 
Join Date: Jan 2006
Location: Burlington, ON
Bikes: Giant Tcx1
Posts: 530
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Hell, if she was running a live linux cd, she could have opened a virus and it wouldn't have done anything!

Yeah, if you're running outlook, then maybe an exploit in html or a macro in a doc file, but not plain text.
Caspar_s is offline   Reply With Quote
Old 03-26-09, 10:15 PM   #6
MrCrassic 
Senior Member
 
MrCrassic's Avatar
 
Join Date: Jun 2007
Location: Brooklyn, NY
Bikes: 2008 Giant OCR1 (with panda bear on the back!)
Posts: 3,650
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by keith3speed View Post
we all know not to open email attachments from senders we dont know, but can anything bad happen just from opening a email without attachments? My wife just opened an email up without thinking and now she is in a panic. The text said "thanks for that, bye". I tried to reassure her that there was no attachment on this email and since she was running linux from a live CD nothing should be able to touch the hard drive anyway. How else can I assure her everything is ok? Anybody got any comments or email horror stories they want to share?
Technically, emails that have malicious images embedded in them can trigger an attack, but a lot of the flaws regarding these have been addressed. Additionally, images do not load by default on most mail clients. Some mails can take advantage of vulnerabilities in certain email programs like Outlook, Outlook Express (most common) and Mozilla Thunderbird by crafting them very specially. These aren't that common, though, and spam/virus filters pick these up very effectively either at the server level or at your computer (provided you have proper protection). Plain text eliminates many of the common attack vectors, but I believe message headers can also take advantage of vulnerabilities in Outlook Express if altered properly. I think there was an exploit patched just recently that affected Exchange mailboxes, where an email with special text could make the system vulnerable to attack.

The latter won't affect you, since you're on Linux and these vulnerabilities are specific to Windows. There are very few Linux trojans out there, but they aren't spread via email (or at least very commonly) and most of them are relatively harmless.
__________________
Ride more.

Code:
$ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
 $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

Last edited by MrCrassic; 03-26-09 at 10:19 PM.
MrCrassic is offline   Reply With Quote
Old 03-26-09, 10:16 PM   #7
x136 
phony collective progress
 
x136's Avatar
 
Join Date: Sep 2006
Location: San Hoosey
Bikes: http://velospace.org/user/36663
Posts: 2,981
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Email went downhill once it was *******ized with HTML.

Viva text.
__________________
x136 is offline   Reply With Quote
Old 03-27-09, 05:54 AM   #8
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
Posts: 3,924
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by x136 View Post
email went downhill once it was *******ized with html.

Viva text.
+10000000000
__________________
Quote:
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline   Reply With Quote
Old 03-27-09, 05:55 AM   #9
KingTermite 
On my TARDIScycle!
 
KingTermite's Avatar
 
Join Date: Jun 2005
Location: Eastside Seattlite Termite Mound
Bikes: Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
Posts: 3,924
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by keith3speed View Post
and since she was running linux from a live CD nothing should be able to touch the hard drive anyway.
I missed this part before. No worries if she was running linux on a live cd.
__________________
Quote:
Originally Posted by coffeecake View Post
- it's pretty well established that Hitler was an *******.
KingTermite is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -6. The time now is 04:06 PM.