Lemme' rephrase what I said. They can't unless you accept an exe that directs it. The big caveat is never accept an exe file from anyone you don't know.
DJ's example involves people sending this info in an unsecure mode. i.e. the user did it himself.
Outsider's can't get in to extract this info unless you let them (opening an exe received in e-mail).
There's two other things that potentially put you at risk, but so far they're safe.
Java and Active-x.
Netscape and Unix have gone to a lot of trouble to make Java safe and so far they've stayed ahead of the gremlins (I won't get into how). So far.
Active-x was a risk, but microsoft has just issued a fix on that.
The unfortunate thing about both of these is that the fixes reduce the capability of these cross platform programs. They can both tell your computer to do things, but they can not tell your computer to transmit things via e-mail without your OK. That requires an exe program and if you never accept an exe from a stranger you'll be OK.
There's too much of this uncalled for scare stuff being put out. It just ain't that easy. YOU have the control. As long as you don't accept exe's from strangers or allow someone to sit at your computer who may implant something (or implant it through an LAN) you're OK. If your computer is exposed either through an LAN or at risk of a bad guy sitting at it while you're elsewhere - use passwords and change frequently.
Oh yeah, if you use Microsoft Outlook (not Outlook Express - it can't do it without your OK) turn off the automatic opening of executable (exe) programs.
All mail programs can open graphics and that's OK. They can't hurt you.
For what it's worth, I think AOL users used to be at risk, because AOL used to be essentially a great big LAN. But I'm told they fixed that. I don't know for sure (either about the earlier risk or the fix), because I'm not an AOL fan.
And for all those folks afraid of them, COOKIES can't do it either.
Gee, nobody caught my joke at the end of my original post
Staten Island WebŪ Forums Index.