Nick, wasn't that Braid? (The damn viruses all seem to run together now, there's so many of them.)
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ > -----Original Message----- > From: Nick FitzGerald [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 13, 2002 2:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] How often are IE security > holes exploited? > > I forget exactly which offhand (perhaps the first Yaha or > something just before it?) took advantage of the CR-only (or > LF-only??) line break issue, in which many Unix mail servers > will incorrectly pass what should be CRLF line-terminations > and are otherwise invalid characters in standard SMTP > traffic. Several content filter and AV Email scanner parsers > "mis-handled" these messages, missing the attachments > entirely (why these products were not written from the > beginning to "fail closed" has still not been satisfactorily > answered) and passing the bad messages on. Of course, > Outlook and/or OE "happily" saw the messages as intended and > they would detach and run the atatchments (and of course the > users, feeling "safe" because they knew their Email was > scanned for bad things, happily double-clicked away...). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
