On the heels of last week's CIAC advisory regarding possible MIME security problems in major Windows email clients, a different security issue has been revealed in Windows versions of Eudora, Qualcomm's widely used email program. Eudora Pro 4.0, 4.01, and 4.1 betas for Windows can utilize Microsoft's HTML viewer when displaying messages; that viewer can permit automatic execution of items included in the message, such as Java applets. In theory, other Windows applications which use Microsoft's HTML viewer could also be vulnerable to these sorts of problems. According to Qualcomm, updates to Eudora products to prevent this automatic execution will be available today. As a workaround, disable Microsoft's HTML viewer in the Viewing Mail settings panel of Eudora's Options dialog box. Eudora Light is not vulnerable, and Macintosh versions of Eudora have been safe for years because they encapsulate any attached applications such that users must specifically choose to execute them. However, the bottom line remains unchanged: don't run any email attachments unless you're sure they're safe.
Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.
Edit iCal Event Titles Directly
In the Leopard version of iCal, double-clicking an event shows a summary of the event, and to edit the name (or anything else), you must click the Edit button in the summary pop-up. To bypass the summary and edit pop-ups entirely, Option-double-click the event name. That selects the text for editing, and you can make any changes you want. Click outside the event to save your changes.
Written by
Adam C. Engst
Eudora Pro Security Hole for Windows Only
Doxie makes it easy to go paperless and scan anywhere — nocomputer required. Doxie scans paper and receipts, creates
searchable PDFs, then syncs up to your Mac. With smart design and
great software, Doxie just works. <http://www.getdoxie.com/a/bits>