lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040402155454.GA35657@hal9000.halplant.com>
From: A.J.Caines at halplant.com (Andrew J Caines)
Subject: Re: [FD] FD should block attachments

Michael,

> I think FD should change their policy and block all attachments, except
> maybe plain text file's.

Since some folks presumably want to be able to send and receive the latest
MS innovations and other attachments, why don't you just block whatever
you don't want to receive? I certainly do.

The increasing trend of solving security problems by throwing out the
baby, bathtub and any bathroom fittings which can be torn off is
disturbing. It's much the same as the prevalence of the "There should be a
law against that!" culture.

This is certainly not to say SMTP is a good choice of file transfer
protocol, or that it's an efficient use of resources.


Perhaps a more friendly solution would be to have a per-user option to
have attachments (some or all types) stripped. I'm not sure it this is
something Mailman can easily do, but since it already has MIME-specific
handling for digest, I can't imagine it being too hard.


-Andrew-
-- 
 _______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@...plant.com  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ