Home page logo

nanog logo nanog mailing list archives

Re: Mobile code security (was Re: rr style scanning of non-customers)
From: Paul Vixie <paul () vix com>
Date: Mon, 16 Jun 2003 08:56:05 +0000


3) why would anyone ever run outlook

i love outlook2003.  no joke, i use it every day.  whenever i get an
attachment that seems reasonable and i need to open it, i put it in the
folder that outlook can see, and i read it.  i also share a calendar (in
three directions) using outlook's "iCalendar" support.  i edit my cell
phone's directory using a shared outlook address book.  for what it's
intended to do, outlook works really great.  it's only when you let it
open *all* the e-mail you get, that its weaknesses prevail.

moral of story: i think the security model is terrible, and i think the
fact that credible or similarly-dominant alternatives do not exist is
reprehensible, but the applications themselves, like outlook, seem to
work pretty well once you put them inside a lockbox.  (i guess hundreds
of companies are now in the business of selling such lockboxes, too.)

the real failure, the thing that actually burns my hash, is when my spam
complaints or noc correspondance are robotically bounced because they
contain dangerous mime attachments of type "message/rfc822" (spam
examples) or "text/plain" (traceroute or tcpdump output).  if your noc
or abusedesk has such a robot protecting it, you ought to be ashamed.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]