lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nion at gmx.net (Nico Golde)
Subject: NEVER open attachments

Hallo Jeremiah,

* Jeremiah Cornelius <jeremiah@....net> [2004-03-20 11:03]:
> > Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu>, Nico Golde, Frank >
> > Knobbe, et al have wonderful things to say and contribute great 
> > things to this list, but i have never read anything they post because 
> > they post as attachments. 
> > Yes, granted, they are .txt attachments but that is no excuse as it's >
> > just a matter of time before they are exploited. 
> 
> The blinking signing is so that you CAN trust the source!  Assuming you have
> verified the sender's key and trust them for safe practices, open
> attachments 'till you get RSI!  The NEVER OPEN rule is a dogma for
> unverified senders - you /knew/ that.

i think the philosophy of never open attachments is only true if your
mailer sucks.
regards nico
-- 
Nico Golde                | nico@...lde.de      | 310777820@ICQ | nion@....net
http://www.ngolde.de      | GnuPG Key: http://www.ngolde.de/gpg/nico_golde.gpg
Fingerprint               | FF46 E565 5CC1 E2E5 3F69  C739 1D87 E549 7364 7CFF 
echo             "[q]sa[ln0=aln256%Pln256/snlbx]sb729901041524823122snlbxq"|dc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040320/3b78c648/attachment.bin

Powered by blists - more mailing lists