Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Non existing attachments, more info
From: "William D. Colburn (aka Schlake)" <wcolburn () nmt edu>
Date: Wed, 20 Feb 2002 10:07:15 -0700

You can't discard "bad" messages because you can't identify them.  RFC
compliant messages can contain stuff that end-user software might
interpret specially.  The MyParty is an example.  It is a compliant
message that contains a bunch of garbage in it that no (sane) human can
read.  The problem is that some end-user software is too smart for its
own good and finds content (the garbage) where none should exist and
then turns it into an "attachment".

There is no solution.  You can't force companies to stop making
bugs ("innovations") in their software.  You can't reasonably locate
every bug ("innovation") in every peice of software.  Even if you could
locate every bug, imagine how hard it would be to write software that
contained all the known bugs in all known mail processing software
(there lots of groups that attempt this feat on a daily basis so I think
we know how hard it is).

I think we are stuck reacting proactively to discovered holes from now
until the end of time.  Even if we stop using the current bad-guy (MS),
some other company would step in to add new bugs ("innovations") that
users desperately want.  We will never reach a point of stability where
nothing new is ever invented.

On Tue, Feb 19, 2002 at 04:20:25PM -0500, David F. Skoll wrote:
You are probably right, but that breaks the "robustness principle": be
conservative in what you do, be liberal in what you accept from others
(RFC 793, referring to TCP, but a widely-held philosophy in Internet
standards.)

I think that reformatting the message as valid MIME is a reasonable
compromise, because it should ensure that MUA's interpret the message
the same way the scanner did.  However, when I have time, I will add
the option to my scanner to reject suspicious messages of any type.

Long term, though, the only way around e-mail-borne malware is to stop
using susceptible programs like Windows and Outlook.  It is this last
step that people are reluctant to take.

--
David.

--
William Colburn, "Sysprog" <wcolburn () nmt edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault