Full Disclosure mailing list archives
Re: When is it valid to claim that a vulnerability leads to a remote attack?
From: Valdis.Kletnieks () vt edu
Date: Mon, 12 Oct 2009 08:13:09 -0400
On Sat, 10 Oct 2009 22:32:49 CDT, Rohit Patnaik said:
Well, why are you relying on Thierry's clock to date your message? Your e-mail client should use your local clock/mail server clock to timestamp messages.
Hint: your e-mail client *can't* timestamp this message, because it has no *clue* when I hit send on this message. Consider that you can't even trust the timestamp on the first Received: header, because I could very well have composed the mail and hit send while offline, and it got posted to a server once I had network connectivity again. The sending MUA is responsible for this, but often an end-user MUA will fail to add a Date: header and the fixup is done at the first mail server,
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Chris (Oct 10)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Rohit Patnaik (Oct 10)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Valdis . Kletnieks (Oct 12)
- <Possible follow-ups>
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Chris (Oct 10)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Rohit Patnaik (Oct 10)