From: Headley, Kevin (kevin.headleyCSFB.COM)
Date: Wed Feb 21 2001 - 15:51:37 CST

    They won't change Outlook/Exchange...corporate culture runs deep.

    In Outlook 98 under <Tools><Advanced> you can turn off JavaScript (drill
    down).
    HTML never goes away...unless you block it at the content scanning level
    using Baltimore Technologies' Mailsweeper for SMTP.

    PS. If you turn off JavaScript (which coincides with the IE tools
    interface) you will still get the following as an attachment:
    E-mail header
    Converted code
    Href(s)

                      .\\\\,////.
                       \ - - /
                       ( )
       +------------oOOo-(_)-oOOo---+
       | Kevin Headley |
       | 212.892.9204 |
       | Credit |First |
       | Suisse |Boston |
       +------------------Oooo------+
                  oooO ( )
                 ( ) ) /
                  \ ( (_/
                   \_)
    ****The opinions contained herein are not necessarily those of my
    contractor****

    -----Original Message-----
    From: Development [mailto:develWWW2.KPARKER.ORG]
    Sent: Wednesday, February 21, 2001 11:11 AM
    To: FOCUS-MSsecurityfocus.com
    Subject: Outlook Text Preview option

    Hello folks,

       I use Linux at home (and, yes, I take security *very* seriously,
    but that's another group of lists). However, here at *work*, I am
    *directed* to use Windows NT *and* Outlook (due to Exchange Server,
    I don't know any flexibility in the matter. Please advise if so).

       It seems there is a friggin *ARMS RACE* going on here. Someone
    comes up with some miscellaneous worm (Anna being only the latest).
    Someone else comes up with some sort of block. Then someone comes
    up with a non-attachment attack (first, Bubbleboy, then KAK, which
    I still see floating around). Then, we have this new Outlook
    Concealed Attachment exploit. To add icing on the cake, spammers
    have the ability to do "Web Bugs" to get that you've read their
    e-mail and are a good e-mail address. (I also see encrypted
    JavaScript in some Spam messages).

       My proposal is to put an option in that the "Preview Pane"
    be a TEXT preview pane. Then, when I've examined the message
    AND APPROVED IT, I can double click on it and read it in its
    Rich Text and/or HTML version.

       Unless I'm missing something, Outlook 98 doesn't even allow
    *after the fact* viewing of message source on an HTML e-mail!
    (I have to forward it to my home account so I can examine it
    under Pine).

       So, (1), am I missing something here? Is there a patch I
    can apply to Outlook 98 (and, if I'm directed to upgrade to
    Windows 2000, Outlook 2000) to enable Text Preview? Even
    being able to Right Click on the unread message in the Inbox
    list and having an option, "Properties" that shows the text
    would be acceptable. Or (2), is Microsoft willing to FINALLY
    see that Outlook, as it exists today, is part of the problem
    and *build* diagnostic options into it?

       One other beef: Microsoft, to try to make Windows
    APPEAR more friendly, makes the default file display *not*
    display file suffixes unless I go in and change the option.
    Anna gives you this file, "AnnaKournikova.jpg.vbs" but any
    person who hasn't manually changed an option (to "Always
    display file suffixes") sees "AnnaKournikova.jpg" which
    makes it look safe. An earlier one, "VBS/Life Cycles"
    gave something like "LifeCycles.txt.shs" where someone
    would think it's a Text file unless they had the option
    changed!

       Any comments, anyone? (Please include me in the reply,
    in case your reply gets moderated off of the list). I am
    *especially* interested in if I'm missing something here
    *myself* (besides convincing them at work to dump Outlook
    and Exchange server. Believe me when I say I've *tried*!)

        Best regards,

            Ken Parker

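
Added example, not part of either message above: a minimal gateway-side check in Python that flags the three things discussed in this thread, namely attachments whose real extension is hidden behind a benign-looking one, script in an HTML part, and remote images usable as "Web Bugs". The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Script/executable extensions named in this thread (.vbs, .shs) plus a few
# common ones; both sets are assumptions, not a complete blocklist.
RISKY = {".vbs", ".shs", ".js", ".exe", ".scr", ".pif", ".bat"}
BENIGN = {".jpg", ".gif", ".txt", ".doc", ".pdf"}

def shown_when_hidden(filename):
    """Return the name a user sees with suffixes hidden, if it is deceptive."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) == 3 and "." + parts[2] in RISKY and "." + parts[1] in BENIGN:
        return filename.rsplit(".", 1)[0]
    return None

def scan(raw):
    """Return a list of (kind, detail) findings for one raw message."""
    findings = []
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if name and shown_when_hidden(name):
            findings.append(("double-extension", name))
        if part.get_content_type() == "text/html":
            html = part.get_content()
            if re.search(r"<script\b", html, re.I):
                findings.append(("script", "text/html part contains <script>"))
            for url in re.findall(r'<img[^>]+src=["\']?(https?://[^"\'\s>]+)', html, re.I):
                findings.append(("remote-image", url))
    return findings

# Constructed sample message (inert placeholder attachment body).
SAMPLE = """\
From: sender@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><script>var x=1;</script><img src="http://tracker.example.test/p.gif?id=42" width="1"></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="AnnaKournikova.jpg.vbs"

placeholder body, not real script content
--b1--
"""
```

`scan(SAMPLE)` reports the script tag, the tracking image URL and the double-extension attachment; a gateway would quarantine or strip on any of these rather than rely on each client's display settings.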