[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040402194538.GB9994@netpublishing.com>
From: ggilliss at netpublishing.com (Gregory A. Gilliss)
Subject: FD should block attachments
First, Aunt Tillie ought not to be sending files around the Internet,
IMHO. But we've already lost *that* battle, so ...
Basically, attachments in SMTP sux0r. File Transfer Protocol (which no
one should use since it's insecure) was designed for ... transferring
files. SMTP was not - go ask Eric Allman, he'll know. However other
protocols will do (HTTP works, although blocking sux0rz). SSH comes to
mind (unless Microsoft has co-opted *that* too).
Why not help Aunt Tillie install WinSCP? No more need for server access or
perms or disk quotas (cuz it goes from her craptacular Winbloz box to
someone elses' craptacular Winbloz box) *and* it's secure (or as secure
as anything running on a Winbloz box can be these days).
If we list members are as Godlike as we pretend to be we'd declare a
national holiday and send out one final SMTP attachment to wall the Aunt
Tillies (and Uncle Leos) of the world with WinSCP and a link to some nice,
clear, screen-shot-laden instructions on how to install and configure it.
Oh, of course they'll all need static IPs, which will make beaucoup $$$
for decent ISPs and will help get rid of crappy dynamic PPPoE DSL and
dial-up providers thank heaven. Another nice side benefit, the RIAA can go
hang trying to catch all the *secure* file transfers of mp3 ph1l3z
Now someone go write a GPL WinSSHD so that they'll be able to *receive*
the miserable ph1l3z they'll spew back and forth 8-)
G
On or about 2004.04.02 13:27:19 +0000, Valdis.Kletnieks@...edu (Valdis.Kletnieks@...edu) said:
> This will be more useful once there's a way to do all of the following:
>
> 1) Upload the file to a webserver (which Joe User often doesn't have)
> 2) Set permissions on the file so only the recipients can get it.
> 3) Figure out the resulting URL for inclusion in the mail.
> 4) Deal with removing the file after a week or so.
> 5) All the *other* cruft involved in that whole process.
>
> In general, *not* something your Aunt Tillie can deal with.
--
Gregory A. Gilliss, CISSP E-mail: greg@...liss.com
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
Powered by blists - more mailing lists