Vulnerability Development mailing list archives

Re: Why not a changeling?


From: Michael.Wojcik () MERANT COM (Michael Wojcik)
Date: Tue, 23 May 2000 14:45:12 -0700


-----Original Message-----
From: White Vampire [mailto:whitevampire () mindless com]
Sent: Tuesday, May 23, 2000 12:17 PM

On Mon, May 22, 2000 at 10:24:15AM -0700, Michael Wojcik
(Michael.Wojcik () MERANT COM) wrote:

: There's no easy fix for this, but there is an obvious one: don't allow email
: attachments, and put reasonable restrictions [on] executable content and
: downloads in general.  Unfortunately, users would rather endure periodic
: bouts of malicious-software-induced trauma than give up a few toys.

      Not necessarily give up attachments.  That is an excessive
solution for a pretty simple problem.

Excessive in what way?  I've *never* received an attachment that couldn't
have been better delivered in another manner, and I receive several every
day, from co-workers and customers and others.  The world went along just
fine in the days before MIME.

      Simply do not parse superfluous data.  My mail client does not
parse HTML or any other MIME types unless I /tell/ it to.  (And even
then, it would be doing it externally.)

Same here, and I've yet to suffer - directly - the depredations of an email
virus, or any other malicious software.  Unfortunately, every time some
yahoo writes one of these things, a few dozen less-vigilant fellow employees
set it off, and down go the shared resources, which affects my work.

      I do not really understand why so much debate, attention, and
concern is directed to things such as this.  They live and depend upon
stupid software, stupid lusers, and stupid implementations.

And stupid facilities, like email attachments.

Yes, you could greatly reduce the problem by eliminating one of the four.
Eliminating stupid software and stupid implementations doesn't look likely
to happen anytime soon, and it's illegal to eliminate stupid users.
Disabling unnecessary toys - like MIME - is quite a lot simpler.

By the way, since I'm on the VULN-DEV list, you needn't send me messages
you're sending there as well.

Michael Wojcik             michael.wojcik () merant com
MERANT
Department of English, Miami University

