flynngnJMU.EDU

• Next message: Vittal Aithal: "Re: ASP Security Hole (PHP Too)"
• Previous message: der Mouse: "Re: FireWall-1 FTP Server Vulnerability"
• In reply to: David LeBlanc: "Re: 'cross site scripting' CERT advisory and MS"
• Next in thread: Alexander Schreiber: "Re: 'cross site scripting' CERT advisory and MS"
• Reply: flynngnJMU.EDU: "Re: 'cross site scripting' CERT advisory and MS"
• Reply: Alexander Schreiber: "Re: 'cross site scripting' CERT advisory and MS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David LeBlanc wrote:
>
> What I recommend specifically for using Outlook (probably also applies to
> other mail readers using IE as a HTML viewer) is:
> 1) Set it to run in the Restricted Sites zone
> 2) Edit the Restricted Sites zone into what I call maximum paranoia mode -
> turn EVERYTHING off. IIRC, cookies are off to begin with, but this gets
> them turned off for sure.

Wouldn't it be better to set the Internet zone for high security and
then set the browser to use the Internet zone? The restricted zone requires
entering the list of untrusted systems while the Internet zone says
"everything that is not in the trusted zone gets the default security
settings".

Here is what I've been recommending:
http://www.jmu.edu/info-security/engineering/issues/apps/outlook.htm

Gary Flynn

• Next message: Vittal Aithal: "Re: ASP Security Hole (PHP Too)"
• Previous message: der Mouse: "Re: FireWall-1 FTP Server Vulnerability"
• In reply to: David LeBlanc: "Re: 'cross site scripting' CERT advisory and MS"
• Next in thread: Alexander Schreiber: "Re: 'cross site scripting' CERT advisory and MS"
• Reply: flynngnJMU.EDU: "Re: 'cross site scripting' CERT advisory and MS"
• Reply: Alexander Schreiber: "Re: 'cross site scripting' CERT advisory and MS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]