Advertise on Bikeforums.net



User Tag List

Results 1 to 9 of 9

Thread: Email question

  1. #1
    enabler keith3speed's Avatar
    Join Date
    Jun 2008
    Location
    SEMichigan
    My Bikes
    peugot 3 speed
    Posts
    0
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Email question

    we all know not to open email attachments from senders we dont know, but can anything bad happen just from opening a email without attachments? My wife just opened an email up without thinking and now she is in a panic. The text said "thanks for that, bye". I tried to reassure her that there was no attachment on this email and since she was running linux from a live CD nothing should be able to touch the hard drive anyway. How else can I assure her everything is ok? Anybody got any comments or email horror stories they want to share?

  2. #2
    On my TARDIScycle! KingTermite's Avatar
    Join Date
    Jun 2005
    Location
    Eastside Seattlite Termite Mound
    My Bikes
    Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hopefully email systems are smart enough to prevent it now, but at one time even that could be dangerous because the email could be in HTML format and have some script embedded in the HTML. I know Outlook used to have a setting 'do not run scripts on HTML email' or something like that.
    Quote Originally Posted by coffeecake View Post
    - it's pretty well established that Hitler was an *******.

  3. #3
    Bill
    Join Date
    May 2007
    Location
    HIGHLANDS RANCH, CO
    My Bikes
    Specialized Globe Sport, Specialized Stumpjumper FSR Pro
    Posts
    630
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you are running anti-virus software and anti-spyware software and have a good firewall installed, updated and properly setup you'll have some protection against those bad guys out there. That and vigilance on you and your wife's part are the best ways to counteract malware of any sort!
    [SIGPIC][/SIGPIC]
    Eventually you will reach a point when you stop lying about your age and start bragging about it. - Will Rogers

  4. #4
    Footballus vita est iamlucky13's Avatar
    Join Date
    Jun 2002
    Location
    Portland, OR
    My Bikes
    Trek 4500, Kona Dawg
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    She's fine. Plain text can't do anything. There could have been an invisible picture embedded in the email via HTML, which can be used by clever spammers to determine which email addresses are active, but that won't directly compromise your security.

    Every now and then, some social reject figures out how to make an exploit that embeds a virus in a picture, but as far as I know, there's no unpatched exploits at the moment, especially not for linux.

    As far as horror stories go: One of those jpeg-based exploits was discovered about two months ago in Internet Explorer. I just happened to need to use IE the day it was announced to visit a website that didn't support Firefox, and I hadn't gotten the news about the exploit. Since I already had IE up, I also used it to search for some random info that led me to a somewhat sketch site. I'm guessing an ad on that site was where the infection came from. I was only vulnerable for a couple of hours before I read the news and patched it, and I just happened to use the vulnerable program during that window. I've had the computer for about two years, and that was the first problem I'd had, even though most of the time I didn't even use anti-virus software.

    I forget exactly what I got, but it was a pretty deep one. It did browser redirects (my first clue of the problem), key logging, pop-ups, and self-replication. I Ended up having to turn off system restore and run scans in safe mode to get rid of it. AVG got part of it, and Malwarebytes finished it off. Whatever it was, it was one of the better written bugs out there, even though it wasn't as prevalent as the big worms like Sasser and Blaster.
    "The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad

  5. #5
    Senior Member Caspar_s's Avatar
    Join Date
    Jan 2006
    Location
    Burlington, ON
    My Bikes
    Giant Tcx1
    Posts
    530
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hell, if she was running a live linux cd, she could have opened a virus and it wouldn't have done anything!

    Yeah, if you're running outlook, then maybe an exploit in html or a macro in a doc file, but not plain text.

  6. #6
    Senior Member MrCrassic's Avatar
    Join Date
    Jun 2007
    Location
    Brooklyn, NY
    My Bikes
    2008 Giant OCR1 (with panda bear on the back!)
    Posts
    3,648
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by keith3speed View Post
    we all know not to open email attachments from senders we dont know, but can anything bad happen just from opening a email without attachments? My wife just opened an email up without thinking and now she is in a panic. The text said "thanks for that, bye". I tried to reassure her that there was no attachment on this email and since she was running linux from a live CD nothing should be able to touch the hard drive anyway. How else can I assure her everything is ok? Anybody got any comments or email horror stories they want to share?
    Technically, emails that have malicious images embedded in them can trigger an attack, but a lot of the flaws regarding these have been addressed. Additionally, images do not load by default on most mail clients. Some mails can take advantage of vulnerabilities in certain email programs like Outlook, Outlook Express (most common) and Mozilla Thunderbird by crafting them very specially. These aren't that common, though, and spam/virus filters pick these up very effectively either at the server level or at your computer (provided you have proper protection). Plain text eliminates many of the common attack vectors, but I believe message headers can also take advantage of vulnerabilities in Outlook Express if altered properly. I think there was an exploit patched just recently that affected Exchange mailboxes, where an email with special text could make the system vulnerable to attack.

    The latter won't affect you, since you're on Linux and these vulnerabilities are specific to Windows. There are very few Linux trojans out there, but they aren't spread via email (or at least very commonly) and most of them are relatively harmless.
    Last edited by MrCrassic; 03-26-09 at 10:19 PM.
    Ride more.

    Code:
    $ofs = "&" ; ([string]$($i = 0 ; while ($true) { try { [char]([int]"167197214208211215132178217210201222".substring($i,3) - 100) ; $i =
     $i+3 > catch { break >>)).replace('&','') ; $ofs=" " # Replace right angles with right curly braces

  7. #7
    phony collective progress x136's Avatar
    Join Date
    Sep 2006
    Location
    San Hoosey
    My Bikes
    http://velospace.org/user/36663
    Posts
    2,958
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Email went downhill once it was *******ized with HTML.

    Viva text.

  8. #8
    On my TARDIScycle! KingTermite's Avatar
    Join Date
    Jun 2005
    Location
    Eastside Seattlite Termite Mound
    My Bikes
    Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by x136 View Post
    email went downhill once it was *******ized with html.

    Viva text.
    +10000000000
    Quote Originally Posted by coffeecake View Post
    - it's pretty well established that Hitler was an *******.

  9. #9
    On my TARDIScycle! KingTermite's Avatar
    Join Date
    Jun 2005
    Location
    Eastside Seattlite Termite Mound
    My Bikes
    Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by keith3speed View Post
    and since she was running linux from a live CD nothing should be able to touch the hard drive anyway.
    I missed this part before. No worries if she was running linux on a live cd.
    Quote Originally Posted by coffeecake View Post
    - it's pretty well established that Hitler was an *******.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •