Monday, April 04, 2005
Web browser security
Security firm eEye says they've discovered yet another vulnerability in Microsoft Internet Explorer. Are you safe with the latest patches? They say not. How serious? eEye says the problem allows bad guys to take over your computer. It's not completely automatic. They say the attack requires "minimal human interaction" but don't explain what you should avoid doing.
Outlook, they say, is vulnerable to the same attack. That's a little bit worse since you have more control over what web sites you visit than you do over what email you receive.
Just knowing what's affected gives us a hint about what's going on. If my guess is right then you can protect yourself by telling Outlook to display incoming email as plain text instead of making it look like a web page. This is a vital security step you should take anyway. It's also amazingly difficult in most versions of Outlook. Outlook 2003 gives you an option to read your email as plain text under Tools/Options/Preferences/Email Options. Before Outlook 2003 you had to run a third-party program. The good folks at outlook-tips.net have instructions about how to make Outlook safer.
After you do that, sit back and wait for Microsoft to release a fix, and hope the bad guys don't discover the same problem.
What happens if a hacker finds a problem like this in Firefox? Rumor has it that the black-market price for information about a security hole is $500-1000. Last week a German security researcher got a $2,500 reward from the foundation that manages Firefox for reporting security problems.