Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why not a changeling?

From: whitevampire () MINDLESS COM (White Vampire)
Date: Thu, 25 May 2000 20:43:43 -0400

On Tue, May 23, 2000 at 02:45:12PM -0700, Michael Wojcik(Michael.Wojcik () MERANT COM) wrote:
: >     Not necessarily give up attachments.  That is an excessive
: > solution for a pretty simple problem.
: 
: Excessive in what way?  I've *never* received an attachment that couldn't
: have been better delivered in another manner, and I receive several every
: day, from co-workers and customers and others.  The world went along just
: fine in the days before MIME.

        In defense of attachments and MIME: at times eMail was the only
available method for me to transfer a file or some sort of data.  It has
its usefulness.  MIME also has  valid uses.  For one, PGP signatures are 
less intrusive in MIME format.

        I personally do not consider attachments or MIME to be the
problem, just the way software (or the OS behind it) handles them.

: Same here, and I've yet to suffer - directly - the depredations of an email
: virus, or any other malicious software.  Unfortunately, every time some
: yahoo writes one of these things, a few dozen less-vigilant fellow employees
: set it off, and down go the shared resources, which affects my work.

        I understand where you are coming from, as you have to deal with
the after-effects of such things.  (As do myself and many other
people.  I get random calls from people I know wanting me to remove the
evil "virus" they have "on their hard drive."  Not to mention other
various implications.)

: And stupid facilities, like email attachments.

        Not necessarly stupid facilities, the implementations are more
directly at fault.

: Yes, you could greatly reduce the problem by eliminating one of the four.
: Eliminating stupid software and stupid implementations doesn't look likely
: to happen anytime soon, and it's illegal to eliminate stupid users.
: Disabling unnecessary toys - like MIME - is quite a lot simpler.

        chuckle.

: By the way, since I'm on the VULN-DEV list, you needn't send me messages
: you're sending there as well.

        It is general policy to send to both the person you are
responding to and the list, in case the moderator chooses not to send
your response to the list as a whole.

        To clarify:

        Both what you suggest and what I suggest would be valid
solutions to some of the problems.  (On a long list of problems.)  I
would not mind seeing either implemented, as it is one less thing to
worry about.  I agree with a lot of what you are saying, nevertheless it
does not discount other options.

Regards,

-- 
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."


<HR NOSHADE>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>
Previous By Date Next
Previous By Thread Next

Current thread: