Can merely previewing or opening an email cause security problems?

Source URL: http://www.cert.org/tech_tips/home_networks.html (excerpt)

6. Mobile code (Java/JavaScript/ActiveX)

There have been reports of problems with "mobile code" (e.g. Java, JavaScript, and ActiveX). These are programming languages that let web developers write code that is executed by your web browser. Although the code is generally useful, it can be used by intruders to gather information (such as which web sites you visit) or to run malicious code on your computer. It is possible to disable Java, JavaScript, and ActiveX in your web browser. We recommend that you do so if you are browsing web sites that you are not familiar with or do not trust.

Also be aware of the risks involved in the use of mobile code within email programs. Many email programs use the same code as web browsers to display HTML. Thus, vulnerabilities that affect Java, JavaScript, and ActiveX are often applicable to email as well as web pages.

More information on ActiveX security is available in http://www.cert.org/archive/pdf/activeX_report.pdf



Source URL: http://www.w3.org/Security/Faq/wwwsf2.html (excerpt)

Q11: I hear there's an e-mail message making the rounds that can trash my hard disk when I open it. Is this true?

Just to make life complicated, however, there are some cases in which the simple act of opening an e-mail message can damage your system. The newer generation of e-mail readers, including the one built into Netscape Communicator, Microsoft Outlook Express, and Qualcomm Eudora all allow e-mail attachments to contain "active content" such as ActiveX controls or JavaScript programs. As explained in the JavaScript and in the ActiveX sections, active content provides a variety of backdoors that can violate your privacy or perhaps inflict more serious harm. Disabling JavaScript and ActiveX will immunize you to potential problems.

In addition, there are other cases where e-mail messages can be harmful to your health. In the summer of 1998, a number of programming blunders were discovered in e-mail readers from Qualcomm, Netscape and Microsoft. These blunders (which involved overflowing static buffers) allowed a carefully crafted e-mail message to crash your computer or damage its contents.