[44803] in North American Network Operators' Group
Re: "Cisco Release Of Goner Worm Raises Eyebrows" (Newsbytes)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Dec 14 21:03:10 2001
Message-Id: <200112150202.fBF22L3Q025266@foo-bar-baz.cc.vt.edu>
To: "..." <goemon@anime.net>
Cc: Simon Lyall <simon.lyall@ihug.co.nz>, nanog@merit.edu
In-Reply-To: Your message of "Fri, 14 Dec 2001 16:25:40 PST."
<Pine.LNX.4.33.0112141623490.3344-100000@sasami.anime.net>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_432930745P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Fri, 14 Dec 2001 21:02:21 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_432930745P
Content-Type: text/plain; charset=us-ascii
On Fri, 14 Dec 2001 16:25:40 PST, "..." said:
> He does bring up an interesting point though. Is there ANY legitimate
> reason to allow ANY file attachments through nanog ml?
Yet another attack on multipart/signed. Geez. ;)
> I can't imagine any legitimate reason for someone to send a file
> attachment to EVERY single nanog ml member. A URL pointer to a file would
MIME attachments are not the problem.
The problem is people who insist on using mail software that fails to
address the security considerations of executable content.
Compounding the problem are people who insist on confusing "problems with
executable MIME attachments" with "problems with all MIME attachments
because one vendor ships a product that will execute anything that
resembles ones and zeros more than my goldfish does".
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_432930745P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Exmh version 2.5 07/13/2001
iQA/AwUBPBqvLXAt5Vm009ewEQIitACfVCD39THvzFHKZL4kcQeurOj19ioAoNMI
GQ0tfQ3T9EefVSvMoF7GpSzq
=pvJJ
-----END PGP SIGNATURE-----
--==_Exmh_432930745P--
