[38001] in North American Network Operators' Group
Re: EMAIL != FTP
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat May 26 16:41:08 2001
Message-Id: <200105262036.f4QKah124205@foo-bar-baz.cc.vt.edu>
To: Mitch Halmu <mitch@netside.net>
Cc: nanog@nanog.org
In-Reply-To: Your message of "Sat, 26 May 2001 15:46:56 EDT."
<Pine.SOL.3.91.1010526152132.2647T-100000@sunny.netside.net>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1750218816P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Sat, 26 May 2001 16:36:43 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_1750218816P
Content-Type: text/plain; charset=us-ascii
On Sat, 26 May 2001 15:46:56 EDT, Mitch Halmu said:
> Hmmm, I'm looking at an encoded snowhite message body right now. midgets.scr
> encoded in base64, and transmitted as an attachment. Can provide you a
> copy in private if you want to take it apart (but not on a PC, or you'll
> get a *huge* surprise ;)
Notice the surprise isn't when your broken MUA decodes it from base64 to
binary. The surprise is when your broken MUA then takes that binary and
does something stupid with it.
> All others in that family that I looked at were also encoded. Did anyone
> get a raw binary via regular email?
And if you pay any attention - it's *NOT* the base64 decoding that protects
you from these things - it's HAVING AN MUA THAT ISN'T STUPID ABOUT RUNNING
EXTERNAL CODE.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_1750218816P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.2 06/16/2000
iQA/AwUBOxAT23At5Vm009ewEQKJtQCfUbbYJ3ISWspwK6yyyzSR/aeFj+AAnjXD
whs0LZbj/Pg7/YpQuSKOCom1
=jfoY
-----END PGP SIGNATURE-----
--==_Exmh_1750218816P--
