lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <E1B4QJu-0006Bi-00@nebulous.nur.net>
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: NEVER open attachments

> Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu>, Nico Golde, Frank >
Knobbe, et al have wonderful things to say and contribute great 
> things to this list, but i have never read anything they post because 
> they post as attachments. 
> Yes, granted, they are .txt attachments but that is no excuse as it's >
just a matter of time before they are exploited. 

These gentlemen do not post as attachments.  They SIGN their messages, and
some clients insist on representing inline S/MIME and OpenPGP messages as
attachments.

Five will get you 10, that you are using Outlook Express, or an MS Outlook
prior to OfficeXP.

The blinking signing is so that you CAN trust the source!  Assuming you have
verified the sender's key and trust them for safe practices, open
attachments 'till you get RSI!  The NEVER OPEN rule is a dogma for
unverified senders - you /knew/ that.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ