lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3F44B35F.25623.78E488E1@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Administrivia: Testing Emergency Virus Filter..

"Schmehl, Paul L" <pauls@...allas.edu> to Richard M. Smith:

> > The email infrastructure (SMTP servers, POP servers, 
> > Web-based email systems, list serve software, etc) should all 
> > be doing the same stripping of exectuables.  
> > 
> I would go farther.  SMTP was never designed as a file transfer
> mechanism, and it should not allow file transfer.  This would solve both
> the problem of email attachment viruses *and* the scourge of the
> Internet, HTML email.

Whilst I understand the attraction of this idea, I have two _major_ 
objections to it:

1.  Some of us _REALLY DO_ have to receive executable and like 
attachments.  Dealing with folk for whom it is a major accomplishment 
to talk through attaching any file to an Email message so you can get a 
copy of some suspect file off their (very remote from you) machines is 
part and parcel of normal day-to-day work for a small but significant 
number of technical folk.  The problem is not that _we_ cannot handle 
the technology but that those who most need help have a great deal of 
trouble with it.  If your "solution" to this problem is to sugegst that 
some new file transfer mechanism should be devised and implementations 
widely distributed, then you will simply move the target of choice for 
the bad guys from SMTP to "Paul And Richard's Excellent And Easy To Use 
New File Transfer Protocol" because you can guarantee that some popular 
OS developer's implementors will feel the need for an auto-accept 
option and a little tick box in the "Do you want to accept FileX from 
PersonY" dialog that says "Do not show me this message again" (if you 
work for MS, yes that is directed at you).

2.  I suspect that Mr Turing and a his halting problem will intervene 
in any attempt to devise a foolproof "this message contains an 
attachment" mechanism.  The obvious choice to break any such system is 
steganographic encoding of a binary stream into a text message.  It may 
be grossly inefficient, but do you think that really matters?


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ