[24347] in bugtraq
Re: Non existing attachments, more info
daemon@ATHENA.MIT.EDU (William D. Colburn (aka Schlake))
Wed Feb 20 20:42:27 2002
Date: Wed, 20 Feb 2002 10:07:15 -0700
From: "William D. Colburn (aka Schlake)" <wcolburn@nmt.edu>
To: "David F. Skoll" <dfs@roaringpenguin.com>
Cc: "Grimes, Roger" <RogerG@GoldKeyresorts.com>,
Valentijn Sessink <valentyn+bugtraq@nospam.openoffice.nl>,
bugtraq@securityfocus.com, pldaniels@pldaniels.com
Message-ID: <20020220100715.A25550@nmt.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.44.0202191616280.9122-100000@shishi.roaringpenguin.com>; from dfs@roaringpenguin.com on Tue, Feb 19, 2002 at 04:20:25PM -0500
You can't discard "bad" messages because you can't identify them. RFC
compliant messages can contain stuff that end-user software might
interpret specially. The MyParty is an example. It is a compliant
message that contains a bunch of garbage in it that no (sane) human can
read. The problem is that some end-user software is too smart for its
own good and finds content (the garbage) where none should exist and
then turns it into an "attachment".
There is no solution. You can't force companies to stop making
bugs ("innovations") in their software. You can't reasonably locate
every bug ("innovation") in every peice of software. Even if you could
locate every bug, imagine how hard it would be to write software that
contained all the known bugs in all known mail processing software
(there lots of groups that attempt this feat on a daily basis so I think
we know how hard it is).
I think we are stuck reacting proactively to discovered holes from now
until the end of time. Even if we stop using the current bad-guy (MS),
some other company would step in to add new bugs ("innovations") that
users desperately want. We will never reach a point of stability where
nothing new is ever invented.
On Tue, Feb 19, 2002 at 04:20:25PM -0500, David F. Skoll wrote:
> You are probably right, but that breaks the "robustness principle": be
> conservative in what you do, be liberal in what you accept from others
> (RFC 793, referring to TCP, but a widely-held philosophy in Internet
> standards.)
>
> I think that reformatting the message as valid MIME is a reasonable
> compromise, because it should ensure that MUA's interpret the message
> the same way the scanner did. However, when I have time, I will add
> the option to my scanner to reject suspicious messages of any type.
>
> Long term, though, the only way around e-mail-borne malware is to stop
> using susceptible programs like Windows and Outlook. It is this last
> step that people are reluctant to take.
>
> --
> David.
--
William Colburn, "Sysprog" <wcolburn@nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/ http://www.nmt.edu/~wcolburn
