E-Mail Security

HTML E-Mail

Disable HTML for e-mail or choose to view all messages as plain text if your e-mail client has such options - the better ones do; or use an e-mail content filter for web bugs and embedded content originating from a server other than the one belonging to the sender of the e-mail. Today's cleverly-coded e-mail worms can execute just by viewing HTML-formatted e-mail.

E-Mail Attachments

- Never allow your e-mail client to "View Attachment Inline" ...unless you are sure it arrived    from a trusted sender.

- Never open e-mail attachments from strangers.

- Use encryption software for sending your most private e-mail messages. If you don't, keep in mind that what you are sending is the equivalent of a postcard.

- Never, ever use e-mail to send confidential information such as credit card numbers, bank account numbers, or your Social Security number.

- Never respond to e-mail asking for confidential information. Any e-mail you receive requesting your credit card numbers, bank account numbers, or Social Security number either via e-mail or a web site link is surely an identity theft or phishing scam.

How to disable JavaScript in e-mail programs:

Outlook

  1. Select the "Options..." command under the Outlook "Tools" menu.
  2. Select the "Security" tab in the "Options" dialog box.
  3. Under "Secure Content" section, select "Restricted sites" in the Zone Window.
  4. Click on the "Zone settings..." button.
  5. Click "OK" for the warning dialog box which pops up on the screen.
  6. In the "Security" dialog box, make sure that the "Restricted sites" icon is selected.
  7. Make sure that the security level slider control for the zone is set to "High".
  8. Click on the "Custom Level..." button.
  9. Scroll down to the "Active scripting" entry in the settings list in the "Security Settings" dialog box.
  10. Select "Disable" for "Active scripting" entry.
  11. Press the "OK" button in the "Security Settings" dialog box.
  12. Press the "OK" button in the "Security" dialog box.
  13. Press the "OK" button in the "Options" dialog box.

Note on Outlook: By following this procedure, you will accomplish two things. First, you will configure the e-mail client so that all of its network activity happens in the "Restricted" security zone. Second, you will increase the security of the Restricted zone beyond its default setting so that "Active scripting" is disabled. The end result is that your e-mail program will disable Active scripting (which includes JavaScript) whenever it shows you an e-mail, thereby preventing the e-mail wiretap exploit.

Mozilla Mail

  1. Select "Edit" from the menu bar.
  2. Select "Preferences" from the drop-down list.
  3. Select "Advanced" from the Category list.
  4. Select "Scripts & Windows" from the Advanced list.
  5. Uncheck the box next to "Mail & Newsgroups" under "Enable JavaScript for:"
  6. Important: Leaving "Navigator" checked applies to your browser window only. The option in step 5 applies to e-mail only.
  7. Click on "OK" to save your settings and close the "Preferences" window.
  8. (NOTE: Unlike with Netscape or Outlook, in Mozilla this option is unchecked by default... but it is a good idea to look for yourself.)

Mozilla Thunderbird

  1. Select "Tools" from the menu bar.
  2. Select "Options" from the drop-down list.
  3. Select "Advanced" from the Category list.
  4. Uncheck the box next to "Enable JavaScript in mail messages".
  5. Click on "OK" to save your settings and close the "Preferences" window.
  6. (NOTE: Unlike with Netscape or Outlook, in Thunderbird this option is unchecked by default... but it is a good idea to look for yourself.)

Netscape Messenger

  1. Select "Edit" from the menu bar.
  2. Select "Preferences" from the drop-down list.
  3. Select "Advanced" from the Category list.
  4. Uncheck the box next to "Enable JavaScript for Mail and News".
  5. Important: Leaving "Enable JavaScript" (version 4.x) or "Enable JavaScript in Navigator" (versions 6/7) checked applies to your browser window only. The option in step 4 applies to e-mail only.
  6. Click on "OK" to save your settings and close the "Preferences" window.

Eudora

  1. Click on "Tools".
  2. Click on "Options".
  3. Click on "Viewing Mail".
  4. Uncheck the box "Allow executable in HTML content".

(NOTE: Unlike with Netscape or Outlook, in Eudora, this option is unchecked by default, but it is a good idea to look for yourself.)

Posted by

1 comment:

Unknown said...

Wonderful.
Mindblowing.
We need more this kind of article which save us and our pc from potent dangers luking everywhere.we are facing that everyday.
Thanks

July 21, 2008 at 5:35 PM

Post a Comment

Subscribe to: Post Comments (Atom)