On the heels of last week's CIAC advisory regarding possible MIME security problems in major Windows email clients, a different security issue has been revealed in Windows versions of Eudora, Qualcomm's widely used email program. Eudora Pro 4.0, 4.01, and 4.1 betas for Windows can utilize Microsoft's HTML viewer when displaying messages; that viewer can permit automatic execution of items included in the message, such as Java applets. In theory, other Windows applications which use Microsoft's HTML viewer could also be vulnerable to these sorts of problems. According to Qualcomm, updates to Eudora products to prevent this automatic execution will be available today. As a workaround, disable Microsoft's HTML viewer in the Viewing Mail settings panel of Eudora's Options dialog box. Eudora Light is not vulnerable, and Macintosh versions of Eudora have been safe for years because they encapsulate any attached applications such that users must specifically choose to execute them. However, the bottom line remains unchanged: don't run any email attachments unless you're sure they're safe.
Syslogd Overwhelming Your Computer?
If your Leopard (Mac OS X 10.5) system is unexpectedly sluggish, logging might be the culprit. Run Activity Monitor (Applications/Utilities/ folder), and click the CPU column twice to get it to show most to least activity. If syslogd is at the top of the list, there's a fix. Syslogd tracks informational messages produced by software and writes them to the asl.db, a file in your Unix /var/log/ directory. It's a known problem that syslogd can run amok. There's a fix: deleting the asl.db file.
Launch Terminal (from the same Utilities folder), and enter these commands exactly as written, entering your administrative password when prompted:
sudo launchctl stop com.apple.syslogd
sudo rm /var/log/asl.db
sudo launchctl start com.apple.syslogd
Your system should settle down to normal. For more information, follow the link.
- Security Issue with Email Attachments (03 Aug 98)