Re: html e-mail

by "Ted Temer" <temer(at)c-zone.net>

 Date:  Tue, 19 Dec 2000 11:55:12 -0800
 To:  "HWGBASICS" <hwg-basics(at)hwg.org>
 References:  aol
  todo: View Thread, Original
Jeff:

First off, let me say that Jeff and I are often of the same or similar
opinions on many subjects--but here--I tend to disagree--sort of.

But before I get to the disagreeing part let me confirm that to the best of
my knowledge, what he says is basically true. There are some security
"holes" in Outlook Express and of course, like just about everything else in
life, there are some concerns with using HTML e-mail.

Now let me ease into the disagreeing part. And it is a disagreement, born in
part, by an admittedly overly optimistic and blindly naive nature.

Jeff refers in part to an article written by Brian Livingston for Info
World. In that article, Mr. Livingston does his editorial best to scare the
H - - - out of about 95% of the users of e-mail and the web by insinuating
that the web and e-mail clients they use, are an open invitation to mischief
from those with less than pacific intent. That's his job. And he certainly
would not get paid for telling his readers what a nice day it is and how
pretty the birds twitter in the park.

While Mr. Livingston by no means, told fibs, all but the most paranoia prone
would--after a careful and through reading--be compelled to conclude he
"laid it on a little thick".

There is very little that any of us can do in our lives that does not entail
some risk. Chance, circumstance and the ill disposed combine to make life
tenuous at best. But imperfect lives or not, we still have to live them.
Just walking out the door in the morning is a calculated risk.

True--bad things could happen with HTML e-mail. But no more so than with an
attachment to regular e-mail. And HTML is HTML. It can do no more harm to
your computer in e-mail than it could with a web page. We've all had to
download "fixes" to plug holes in e-mail clients and browsers and will have
to continue to do so as the hackers explore their options.

In fact, Jeff's reference to the article about Media Player reminded me that
I never did get around to plug that leak when Microsoft sent me the alert,
so I took the three minutes to download and install the fix before writing
this. The never ending war goes on. But still--There is NO SUCH THING as
total security. They even broke into and out of, concentration camps in Nazi
Germany during WW-II.

Yes--every time you surf, many of the sites you visit gather information
about you. Especially if you make a purchase. But just plain surfing leaves
a pretty wide trail. In fact, many of the discussions this list has had to
do about the gathering of statistics. And that is really about getting
information about your visitors.

When I pay my credit card bill on-line there is a username and password to
fill in. But the page asking for this also greeted me by name. Yeah--one of
those nasty old cookies did some sniffing about and said--"Ah Haw!! We know
this guy" . And of course, they also already knew my user name and
password---and my address, phone number, social security, age and you name
it.

Gosh--what if some hacker gets in there?? I'm sorry--but that's no worse
than giving some waiter your card in a restaurant. Off he goes and who knows
how many copies he made of your number and who he may sell them too.

In the meantime, hundreds--maybe even thousands of us use HTML e-mail every
day in our business or circle of friends. Why?? To transmit information. And
yes--an imbedded image is indeed worth the proverbial thousand words. Just
like everything else in life, in order to reap the benefits, you take a
calculated risk.

And just like the fact that there is a loaded 12 bore kept in my bedroom
that I never expect to use, there is also a back-up to my hard drive that I
never expect to use. But they are both there just in case I'm too optimistic
for my own good.

And in the meantime, I intend to keep on living life on MY terms, not the
terms of the evil doers or the worst case scenarios.

Best wishes
Ted Temer
Temercraft Designs Redding, CA
temer(at)c-zone.net
www.temercraft.com/
www.newsredding.com/


> Hi Folks:
>
> It was written:
>
> >However, watch out for this terrible and often besmirched thing, as many
> >"feature challenged" web clients, such as AOL, (and some others), do not
> >render such pages correctly.
>
> I admit to not following this thread too closely - so please forgive me if
> I'm repeating someone else's info...
>
> There are far greater threats out there other than feature challenged
clients
> or people like me who resent HTML email -
>
> A new form of privacy abuse retrieves information about you from HTML
email
> messages with an invisible embedded graphic.  This graphic helps identify
> cookies that are presently on your system which also then links you to
other
> databases that can include personal data such as social security number.
>
> You can read about this at:
> http://www.infoworld.com/articles/op/xml/99/12/27/991227oplivingston.xml
>
> Additionally, a new virus threat is presented wihtout even viewing an
> attachment - Microsoft Outlook and Outlook Express can run harmful code
when
> it automatically opens a browser window in your HTML email message.  This
> runs what is known as an ASX - Active Stream Redirector - file.
>
> You can read more about this at:
> http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
>
> HTML email is just a bad idea......
>
> - Jeff K.
>

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA