| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: A.J.Caines at halplant.com (Andrew J Caines) Subject: Re: [FD] FD should block attachments Michael, > I think FD should change their policy and block all attachments, except > maybe plain text file's. Since some folks presumably want to be able to send and receive the latest MS innovations and other attachments, why don't you just block whatever you don't want to receive? I certainly do. The increasing trend of solving security problems by throwing out the baby, bathtub and any bathroom fittings which can be torn off is disturbing. It's much the same as the prevalence of the "There should be a law against that!" culture. This is certainly not to say SMTP is a good choice of file transfer protocol, or that it's an efficient use of resources. Perhaps a more friendly solution would be to have a per-user option to have attachments (some or all types) stripped. I'm not sure it this is something Mailman can easily do, but since it already has MIME-specific handling for digest, I can't imagine it being too hard. -Andrew- -- _______________________________________________________________________ | -Andrew J. Caines- Unix Systems Engineer A.J.Caines@...plant.com | | "They that can give up essential liberty to obtain a little temporary | | safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
Powered by blists - more mailing lists