On Tuesday 30 September 2003 19:53, Karsten M. Self wrote: > on Tue, Sep 30, 2003 at 12:11:16PM -0400, Mike Mueller ([EMAIL PROTECTED]) wrote: > > On Tuesday 30 September 2003 02:05, Karsten M. Self wrote: > > > Seems > > > like about the only way we're going to get a reasonable handle on this > > > barring ISPs refusing to carry executables in email format. > > > > Hear! Hear! No more attachments - period. I'll settle for elimination > > of any known sort of executable though. > > No. > > Specifically: executables. Various other mail 'sploits -- there are > some header buffer overflows, IIRC affecting LookOut -- exist and should > be filtered as well. But specifically, AUPs against transmission of > executable content, and concomittant filtering, would serve a useful > purpose. There are opaque formats, from zip to tarball to encrypted > payloads, which can be used by those sufficiently clueful to handle the > task appropriately. > > MIME attachments of themselves serve many useful functions. There's an > awful lot of baby in that bathwater. Starting with the signature on > this message.
The thing I find fascinating is that if you imagine all email attachments eliminated indiscriminately, there is always a work-around using currently available techniques. It seems that the safest form of information push is unformatted text. If a richer set of information is needed then pull techniques are available. Fixing bad stuff from pull-sources would be easier that stopping bad stuff from push sources. The sacrifice is convenience - or is it? Less Swen-like items in my mailbox would be convenient. -- Mike Mueller 324881 (08/20/2003) Make clockwise circles with your right foot. Now use your right hand to draw the number "6" in the air. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]