Re: [Fwd: SPAM - sinister spam]

Lee Daniel Crocker (
Sun, 14 Dec 1997 22:39:50 -0800 (PST)

> Hara Ra <> writes:
> > Fringeware sent me this item - any of you Java experts care to comment??
> ...
> > I am running IE4.0, and I simply
> > highlighted the new message in my mailbox, and clicked on the subject to
> > read it. It immediately downloaded and initialized a java applet that
> > took control of my browser, opened a session to their site as I sat in
> > amazement.

HTML mail has precisely the same security implications as Web
browsing. If your Java VM is working correctly, a mail message
that invokes a Java applet will do exactly the same thing as a
Java applet on a Web page, and run with the same security, which
means that it cannot access any local files, or open network
connections to any but the sending host, or execute any native
code on your machine.

The current implementations of Java on the market are generally
safe. The current implementations of JavaScript (an entirely
different technology), VBScript, and ActiveX are /not/ safe, as
they have known security holes not yet addressed. Most browsers
will let you enable/disable these individually, and your email
should honor the same settings.

Lee Daniel Crocker <> <>
"All inventions or works of authorship original to me, herein and past,
are placed irrevocably in the public domain, and may be used or modified
for any purpose, without permission, attribution, or notification."--LDC