lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <m1C8in6-0005FIC@proven.weird.com>
Date: Sat, 18 Sep 2004 13:14:28 -0400 (EDT)
From: "Greg A. Woods" <woods@...rd.com>
To: Borja Marcos <borjam@...enet.es>
Cc: David Covin <dcovin@....mgh.harvard.edu>,
	"BUGTRAQ: Full Disclosure Security Mailing List" <bugtraq@...urityFocus.com>
Subject: Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue


[ On Friday, September 17, 2004 at 14:08:33 (+0200), Borja Marcos wrote: ]
> Subject: Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
>
> 	If someone builds faulty software which generates bad MIME headers, 
> such messages should be treated as hostile messages and dropped. 
> Period.

You are 110% correct.

Thank you very much for saying that, and I would suggest that at the
current time it is something which cannot be repeated too many times.

Far too few software developers understand the idea of "failing safely".

Passing on "cleaned" or "de-fanged" messages is a guaranteed way of
failing catastrophically.

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@...ohack.ca>
Planix, Inc. <woods@...nix.com>          Secrets of the Weird <woods@...rd.com>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ