lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200207201522.g6KFMemk083127@mail13.megamailservers.com>
From: jack at malware.com (Jack)
Subject: Re: Outlook Express Attachment Property Spoofing Vulnerabilities

It's in the archives. They can't be bothered. More important and 
serious concerns to attend to.

As far as they are concerned, as long as there is "a warning" 
dialogue, it is up to the user to accept or not accept. They as the 
vendor have done there job as long as there is warning.  Thereafter, 
tough luck to you if you get snagged.

Strange philosophy.

----- Original Message ----- 
From: Roland Postle 
To: full-disclosure@...ts.netsys.com 
Sent: Saturday, July 20, 2002 11:06 AM
Subject: Re: [Full-Disclosure] Re: Outlook Express Attachment 
Property Spoofing Vulnerabilities


So why hasn't MS fixed them then? Will it take a big email virus, and 
more
mass hysteria, before they do?

Personally I get sent a lot of virus and rely on knowing the 
extension. They
frequently use the spaces before extension vulnerability (so I'll get
somthing like 'hello.mp3     .scr') but I always notice these before 
opening
them anyway. However, combined with the other vulnerabilities you 
mention I
could probably be tricked into opening a virus. God help the clueless
people.

- Blazde

----- Original Message -----
From: "Jack" <jack@...ware.com>
To: <news@...uriteam.com>; <bugtraq@...urityfocus.com>;
<full-disclosure@...ts.netsys.com>
Cc: <mattmurphy@...rr.com>
Sent: Saturday, July 20, 2002 2:27 PM
Subject: [Full-Disclosure] Re: Outlook Express Attachment Property 
Spoofing
Vulnerabilities


> Dude, they are all two years old:
>
> http://www.securityfocus.com/bid/2260
> http://www.securityfocus.com/bid/3271
>


_______________________________________________
Full-Disclosure - We believe in it.
Full-Disclosure@...ts.netsys.com
http://lists.netsys.com/mailman/listinfo/full-disclosure

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ