From: bear <[EMAIL PROTECTED]> > Heh. You looked at my mail headers, didn't you? Yes, I use pine - > primarily *because* of that property. It treats all incoming messages > as text rather than live code.
BUGTRAQ in the last 3 years lists over 80 mails on pine - including reference to this recently: http://www.idefense.com/advisory/09.10.03.txt which also appears in candidates on cve.mitre.org. (Mitre seem to take unreasonable time in converting candidates to definite problems unless I'm misunderstanding their website.) > [HTML mail] can cause your machine, specifically, to make network > connections to get graphics, style sheets, etc, and will not display That could include web bugs for spammers. I agree it's ridiculous to read mail in a browser but a conventional MUA has risks too. I write all mail to disk and view it with my favourite text editor. This is convenient with practice. Now I only want MUAs for sending mail (it's worth it to get the correct references in my reply headers). I use this script on one of my accounts where I accept HTML mail (reluctantly from a hotmail user). http://www.notatla.org.uk/SOFTWARE/text_lover_mail_filter.plx The HTML conversion is done by lynx (confined by SubDomain). This practice can result in running "mimencode -u" and "metamail -w" on a few things. It's not that common for a non-text message to get past my procmail rules and have me choose to read it. This is all pretty simple but certainly not mass-market. I must order a "told you so" rubber stamp for when my monocultural acquaintances get hacked. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]