Bugtraq mailing list archives
Eudora MUA: Risky practice
From: Borja Marcos <borjam () sarenet es>
Date: Mon, 27 Aug 2001 09:36:49 +0200
Hello, I have observed a very risky default setting in the Eudora MUA. Attachments received with messages are stored in a directory, where they are left although the user erases the message. "Automatic attachment deletion" seems to be an optional feature, while it should be the default behavior. I think this is risky and should be changed; Windows has brought us something great: the confusion between data and programs, and what actually happens when "opening" a file depends on the file type. A user deleting the attachments from the disk (for example, hundreds of copies of Sircam) can execute one of them by accident. This deletion is usually done from the Windows file manager, which will never ask for confirmation before executing a file. As Windows has a joke command-line interface, this is perhaps the only option left for the user to delete the messages. I know this is a Windows fault, but Qualcomm would enhance their product changing the behavior to automatically deleting an attachment whenever a message is deleted. Better, I think it would be better to extract an attachment from a message if and only if the user explicitly "opens" the attachment or saves it to disk. It would also help to avoid disk clutter. Regards, Borja.
Current thread:
- Eudora MUA: Risky practice Borja Marcos (Aug 27)
- Re: Eudora MUA: Risky practice Will Bryant (Aug 27)