Home page logo
/

nanog logo nanog mailing list archives

Re: EMAIL != FTP
From: Valdis.Kletnieks () vt edu
Date: Sat, 26 May 2001 16:36:43 -0400

On Sat, 26 May 2001 15:46:56 EDT, Mitch Halmu said:

Hmmm, I'm looking at an encoded snowhite message body right now. midgets.scr
encoded in base64, and transmitted as an attachment. Can provide you a
copy in private if you want to take it apart (but not on a PC, or you'll
get a *huge* surprise ;)

Notice the surprise isn't when your broken MUA decodes it from base64 to
binary.  The surprise is when your broken MUA then takes that binary and
does something stupid with it.

All others in that family that I looked at were also encoded. Did anyone 
get a raw binary via regular email?

And if you pay any attention - it's *NOT* the base64 decoding that protects
you from these things - it's HAVING AN MUA THAT ISN'T STUPID ABOUT RUNNING
EXTERNAL CODE.

-- 
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech


Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]