From: John Young <jya@pipeline.com>
Date: Fri, 7 Aug 1998 07:53:42 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Eudora Flaw
Message-ID: <199808071453.KAA00807@camel14.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


Markoff reports in today's NY Times on Eudora's e-mail 
security flaw:


http://www.nytimes.com/library/tech/yr/mo/biztech/articles/07email-code.html

It's the feature which allows clicking on a URL in a message,
which can run an attached malicious program, or otherwise trash
a user's disk.

A fix is due out this afternoon from Qualcomm. In the meantime NYT
says the flaw can be fixed by going to "Options," "Viewing Mail" and 
turning off "Use Microsoft's viewer."

Security experts are quoted: beware any attachment to E-mail, 
and not just for Eudora.