lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <43BD20A8.30800.239C9947@localhost>
Date: Thu Jan  5 13:39:26 2006
From: stuart at cyberdelix.net (lsi)
Subject: WMFs blocked with MIME

Preliminary testing reveals that emails containing WMF files can be 
blocked by filtering for the MIME-encoded WMF header.  This approach 
works even if the file is called WORD.DOC.  The string to check for 
is:  

183GmgAA

These 8 bytes appear as the first 8 bytes of a MIME-encoded WMF.  
Thus, blocking all emails with those bytes in will block all emails 
containing WMFs.  

This technique can be used with common spam filters.  

Regarding web-based WMFs, of the three browsers on this system, only 
IE knows what to do with WMFs.  Fortunately, I don't use IE.  This 
is, however, one more reason I can use to convince my customers to 
dump it.  

Stu

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ