From: root at hackingteam.it To: vince at hackingteam.it [and who?]

grarpamp grarpamp at gmail.com
Fri Jul 10 14:41:23 PDT 2015


On Fri, Jul 10, 2015 at 4:11 AM, Georgi Guninski <guninski at guninski.com> wrote:
> On Fri, Jul 10, 2015 at 12:17:57AM -0700, Seth wrote:
>> On Fri, 10 Jul 2015 00:00:20 -0700, Tom <tom at vondein.org> wrote:
>>
>> >http://ptrace.fefe.de/fpalm30c3.jpg
>>
>> I actually appreciate content posted in message, get tired of having
>> to fire up a browser for links. Also every click on a browser link
>> is a potential attack whereas plain-text in an email is not.
>
> Are you sure plain-text email is not potential attack?
>
> There have been many bugs in text mail clients.
>
> IIRC shell shock affected qmail local delivery (and maybe
> procmail).

Affection is possible...
http://www.gossamer-threads.com/lists/qmail/users/138578

Moral: Validate input and pipelines. Even if only a silly regex sanity filter on
instruction metadata (email addresses), i.e.: [A-Za-z0-9._@+-] mod utf-8
Security is not being liberal in what you accept.
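
The allowlist filter suggested above, as an added example that is not part of the original post: it checks envelope addresses against the posted character class before they are placed in the environment of a delivery program. The variable names `SENDER` and `RECIPIENT` follow qmail's convention; the length limit, the one-`@` rule, the fixed `PATH` and the sample values are assumptions made for illustration.

```python
import re

# Allowlist from the post, ASCII only (UTF-8 local parts are out of scope here).
ADDRESS_CHARS = re.compile(r"[A-Za-z0-9._@+-]+")
MAX_ADDRESS_LEN = 254  # assumption: common upper bound for an address


def is_sane_address(value: str) -> bool:
    """True if value uses only allowlisted characters and has exactly one '@'."""
    if not value or len(value) > MAX_ADDRESS_LEN:
        return False
    if ADDRESS_CHARS.fullmatch(value) is None:  # fullmatch: no trailing newline slips by
        return False
    local, _, domain = value.partition("@")
    return bool(local) and bool(domain) and "@" not in domain


def delivery_env(sender: str, recipient: str) -> dict:
    """Build a minimal environment; nothing is inherited from the caller."""
    for name, value in (("SENDER", sender), ("RECIPIENT", recipient)):
        if not is_sane_address(value):
            raise ValueError(f"rejected {name}: {value!r}")
    return {"PATH": "/usr/bin:/bin", "SENDER": sender, "RECIPIENT": recipient}


# Constructed sample envelope senders, not taken from any real log.
SAMPLES = [
    "alice@example.org",
    "bob+list@mail.example.net",
    "() { :; }; true",           # shaped like a shell function definition
    "carol@example.org\nX: y",   # embedded newline and header-like text
    "dave@@example.org",         # two separators
]


def triage(samples):
    """Return (accepted, rejected) lists for a batch of addresses."""
    accepted = [s for s in samples if is_sane_address(s)]
    rejected = [s for s in samples if not is_sane_address(s)]
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = triage(SAMPLES)
    print("accepted:", ok)
    print("rejected:", [repr(s) for s in bad])
```

The dictionary returned by `delivery_env` is meant to be passed as the `env` argument when the delivery program is started, so the child sees only validated values.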


