From: root at hackingteam.it To: vince at hackingteam.it [and who?]

Cathal (Phone) cathalgarvey at cathalgarvey.me
Fri Jul 10 16:31:55 PDT 2015


And if your regex engine has vulns? ;)

On 10 July 2015 22:41:23 GMT+01:00, grarpamp <grarpamp at gmail.com> wrote:
>On Fri, Jul 10, 2015 at 4:11 AM, Georgi Guninski
><guninski at guninski.com> wrote:
>> On Fri, Jul 10, 2015 at 12:17:57AM -0700, Seth wrote:
>>> On Fri, 10 Jul 2015 00:00:20 -0700, Tom <tom at vondein.org> wrote:
>>>
>>> >http://ptrace.fefe.de/fpalm30c3.jpg
>>>
>>> I actually appreciate content posted in message, get tired of having
>>> to fire up a browser for links. Also every click on a browser link
>>> is a potential attack whereas plain-text in an email is not.
>>
>> Are you sure plain-text email is not potential attack?
>>
>> There have been many bugs in text mail clients.
>>
>> IIRC shell shock affected qmail local delivery (and maybe
>> procmail).
>
>Affection is possible...
>http://www.gossamer-threads.com/lists/qmail/users/138578
>
>Moral: Validate input and pipelines. Even if only a silly regex sanity
>filter on instruction metadata (email addresses), ie:
>[A-Za-z0-9._@+-] mod utf-8
>Security is not being liberal in what you accept.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
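
The allowlist filter suggested in the quoted message, written as an added example that is not part of the original thread: it checks envelope addresses by set membership rather than through a regex engine, which also speaks to the reply above. The variable names `SENDER` and `RECIPIENT`, the length cap, the ASCII-only scope and the sample inputs are assumptions made for illustration.

```python
import string

# Allowlist from the quoted message: [A-Za-z0-9._@+-] (ASCII only here).
ALLOWED = frozenset(string.ascii_letters + string.digits + "._@+-")
MAX_LEN = 254  # assumption: cap on total address length


def is_safe_address(addr: str) -> bool:
    """Allowlist check by set membership, so no regex engine is involved."""
    # Note: an empty envelope sender (bounce) is rejected; handle it separately.
    if not addr or len(addr) > MAX_LEN:
        return False
    if any(ch not in ALLOWED for ch in addr):
        return False
    local, sep, domain = addr.partition("@")
    # Require exactly one '@' with a non-empty part on each side.
    if not sep or "@" in domain or not local or not domain:
        return False
    # A leading '-' could be read as an option by a downstream program.
    if local.startswith("-") or domain.startswith("-"):
        return False
    return True


def build_delivery_env(sender: str, recipient: str) -> dict:
    """Return a minimal environment for a delivery program, or raise ValueError.

    SENDER and RECIPIENT are illustrative variable names (assumption).
    """
    for name, value in (("SENDER", sender), ("RECIPIENT", recipient)):
        if not is_safe_address(value):
            raise ValueError(f"rejected {name}: {value!r}")
    # Build the environment from scratch instead of inheriting the caller's.
    return {"PATH": "/usr/bin:/bin", "SENDER": sender, "RECIPIENT": recipient}


# Constructed sample inputs: one ordinary address and four that must be refused.
SAMPLES = [
    "alice+lists@example.org",
    "() { :;}; echo probe@example.org",
    "bob@example.org\nX-Injected: 1",
    "-f@example.org",
    "a@b@example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("accept" if is_safe_address(s) else "reject", repr(s))
```
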