Here is Qualcomm's alert from:

<http://eudora.qualcomm.com/security.html>

Anthony

Eudora Pro Security Alert

You may have read recently that there is potential for unauthorized programs to be run on your system through the use of hostile Java scripts and/or applets. This problem affects users of the Windows versions of Eudora Pro Email 4.0 and 4.0.1, as well as Eudora Pro CommCenter 4.0 and 4.0.1. Note that Eudora Light users, users of previous versions of Eudora Pro, and Macintosh users are not susceptible to these Java attacks.

QUALCOMM became aware of this problem yesterday (8/6/98) and will be offering an updater for Windows Eudora Pro and CommCenter 4.0.1 and 4.0 within the next few hours that addresses these issues and will prevent these types of attacks. QUALCOMM will also make available a new Eudora Pro 4.1 beta that contains these fixes by Friday afternoon Pacific Standard Time.

Until the new software is posted, you can protect yourself by turning off the Microsoft viewer from within Eudora. To do this, follow these steps:

1. In Eudora, go to the Tools menu and choose "Options".
2. On the left hand side of the options window, select "Viewing Mail"
3. On the right hand side of the options window, make sure the box next to "Use Microsoft's viewer" is UNCHECKED.
4. Click on "OK" on the bottom of the window.

Eudora Pro Email, Eudora Pro CommCenter and Eudora Light are not susceptible to buffer overflow security problem

QUALCOMM rigorously tested its line of Eudora email software after becoming aware of the buffer overflow security problems recently found in Microsoft and Netscape email programs. QUALCOMM is pleased to announce that its Eudora email products are not susceptible to the types of attacks that can harm the computers of users of these other products. QUALCOMM tested Eudora Pro and Eudora CommCenter versions 4.0, as well as Eudora Pro and Eudora Light versions 3.0 on both the Windows and Macintosh platforms. In all cases, Eudora does not allow any unauthorized programs to be automatically executed on a user's system.

At 6:19 PM +0200 8/7/98, Patrick Oonk wrote regarding "New Eudora bug ?":

> http://www.nytimes.com/library/tech/98/08/biztech/articles/07email-code.html
>
> SAN FRANCISCO -- Just days after a serious security flaw was revealed in two
> popular electronic mail programs, an equally troubling vulnerability has been
> discovered in Eudora, the most widely used of all e-mail software.
>
> The Eudora flaw makes it possible for a malicious computer user with little or
> no programming expertise to booby-trap an e-mail message by inserting a
> seemingly harmless link to an Internet location that in fact executes
> malignant code. This could permit an attacker to destroy or steal data or to
> otherwise tamper with a personal computer.

--
Anthony Roybal
Information Systems & Technology
University of California at Berkeley
<mailto:arat_private>
<http://socrates.Berkeley.EDU/~ar>