Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why not a changeling?

From: whitevampire () MINDLESS COM (White Vampire)
Date: Tue, 23 May 2000 13:17:07 -0400

On Mon, May 22, 2000 at 10:24:15AM -0700, Michael Wojcik(Michael.Wojcik () MERANT COM) wrote:
: There's no easy fix for this, but there is an obvious one: don't allow email
: attachments, and put reasonable restrictions executable content and
: downloads in general.  Unfortunately, users would rather endure periodic
: bouts of malicious-software-induced trauma than give up a few toys.

        Not necessarily give up attachments.  That is an excessive
solution for a pretty simple problem.

        Simply do not parse superfluous data.  My mail client does not
parse HTML or any other MIME types unless I /tell/ it to.  (And even
then, it would be doing it externally.)

        I do not really understand why so much debate, attention, and
concern is directed to things such as this.  They live and depend upon
stupid software, stupid lusers, and stupid implementations.

Regards,

-- 
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."


<HR NOSHADE>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>
Previous By Date Next
Previous By Thread Next

Current thread: