lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <D16CA123-8A7F-11D8-9B84-000A958E4F56@joshie.com>
From: jlevitsk at joshie.com (Joshua Levitsky)
Subject: Trojan Horse for Mac OS X

On Apr 9, 2004, at 7:33 PM, Larry Seltzer wrote:

>>> Actually this is not correct. By default they will deny you the 
>>> ability to save or
> open the attachments, but they do not strip anything.
>
> Same difference, and in any event Outlook/OE sounds nothing like 
> Mail.app, but very much
> like what the person you corrected said.
>

Not the same. If you see the file there (which you do when the security 
option is on) then you absolutely know what you are missing, and that 
can lead to someone going to the options and turning the feature off. 
Perhaps if the option wasn't in the GUI, but instead was a registry 
hack then I would agree with you, but it's in the GUI to disable it and 
you do see the file attachments exist when the option is on so it's not 
really such a good feature.

Personally on my own mail servers I simply block all attachments that 
could be executable as well as those same files in zip archives because 
email is not the proper means of transmission for such files.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ