[free-sklyarov] OT: [postmaster at eth.net: Mail Delivery Status Notification]

Karsten M. Self kmself at ix.netcom.com
Fri Nov 16 13:40:52 PST 2001 

on Fri, Nov 16, 2001 at 08:49:47AM -0600, measl at mfn.org (measl at mfn.org) wrote:
> On Fri, 16 Nov 2001, A. Melon wrote:
> 
> > Would someone please inform the recipient listed in the bounce message
> > below, and his/her postmaster that GPG signatures in RFC 2015 MIME
> > encoded form are not hazardous attachements?

Yeah, that's me.

> <snip>
> 
> > DishnetDSL SENDER NOTIFICATION
>  
> <snip>
>  
> > has been stripped of all/certain attachments by DishnetDSL Mail server due 
> > to security reasons.
> >          
> > DishnetDSL allows only the following attachments:
> > 
> > 1. .doc
>      ^^^^ Maybe safe, depending on what produced it, and who recieves it.
> > 2. .txt
> > 3. .xls
>      ^^^^ Oh yeah, *thats* secure!
> 
> > 4. .ppt
> > 5. .pdf
>      ^^^^ Usually OK, but...

There are some PDF exploits I've heard of, not sure if they're
theoretical or not.  Postscript itself is not immune, as it's an
executable format itself.  There's discussion I've heard of Postscript
exploits which would be resident in printer networks.

Powerpoint's also got its problems.  ZIP is a panapoly which encompasses
a whole slew of formats.  And even good old .TXT is not secure if my
understanding of MSFT filehandling is right.  Associate .TXT with MS
Word, add a .TXT extension to a MS Word file with a macro virus, and
you're back to the root problem.  A similar issue exists with RTF files
if they're opened by MS Word by default -- the extension determines the
application, but not the method(s) used for opening the file.

I'm of the opinion that MIME has its uses.


-- 
Karsten M. Self <kmself at ix.netcom.com>       http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             Home of the brave
  http://gestalt-system.sourceforge.net/                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20011116/473b94f7/attachment.sig>

More information about the cypherpunks-legacy mailing list