On Fri, 5 May 2000 [EMAIL PROTECTED] wrote:
> > > So your method wouldn't work to smuggle an EXE in to *our*
> network.
> > > 'Course, if you're really determined you can just pack it up in
> some
> > > obscure format ... say by binhexing it, then bzipping it...
> > >
> >
> > Not quite true. There's no point in a baddie sending you a
> > BinHex'ed/GZIP'ed file as you're not going to be bothered finding out
> how to open it.
>
> This discussion wasn't about how a "baddie" could send in an EXE .. it
> was about how an authorized internal user could smuggle one in.
>
> Which again makes the point that FIREWALLS PROVIDE NEXT TO NO DEFENSE
> AGAINST INSIDERS WITH BAD INTENTIONS.
>
Insiders do not always have to have bad intentions though, as was the case
of my mentioning getting exe's inside. What was weird was that the notes
mail servers actually mentioned how to get around the restrictions when
replying back the mails attachment was blocked. In this case, it seems to
me to be a problem with site policy not being followed on all ends, or
confusion in the least about what site policy was/is.
Point: either exe and other such content is not allowed or it is, this
should most likely not be something ambiguos and abstract. Bending rules
and policies makes for confusion and no real policy at all, yes?
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
