Re: SCO going after BSD???
On Wed, 19 Nov 2003, Kris Kennaway wrote: There's no possible sense in which this can be true. Plain text attachments do not create a security or virus risk. Give Microsoft some time -- Kris Kirby, KE4AHR [EMAIL PROTECTED] TGIFreeBSD IM: 'KrisBSD' BIG BROTHER IS WATCHING YOU! This message brought to you by the US Department of Homeland Security ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCO going after BSD???
On Wed, Nov 19, 2003 at 10:28:04PM -0600, Minnesota Slinky wrote: I talked to a couple of people who do beta testing for Microsoft and they said the issue came up a few years ago. According to them (one being my father), it has to do with security and virus protection. Again, this is second-hand, so take it for what it's worth... There's no possible sense in which this can be true. Plain text attachments do not create a security or virus risk. Kris pgp0.pgp Description: PGP signature
Re: SCO going after BSD???
Gregory Sutter wrote: Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline These headers show that the part is not an attachment but should be displayed inline, and that it contains pure text that doesn't need a special handler to be displayed. Why Outlook Express fails to recognize this, and why Microsoft fails to issue a patch to fix the problem, is unknown. Most mail worm implmentations uses an inline disposition to force the activation of an exploitable helper program to interpret content when the message is opened. Yes, they should recognize that text/plain is not an exploitable type unless there is a registered external helper for that type that overrides internal rendering as plain text (e.g. Word), even though text/html is, bt at least they are attempting to prevent exploits these days. FWIW, most mail programs don't recognize multipart/*, and will only render in the case of multipart/mixed or multipart/message messages. Also, for a signed message, there is no reason to put the text part in a separate container object, unless your mail program is stupid, since there is still a global RFC-822 message body that pertains following the crlfcrlf at the end of the last header line, and prior to the declared boundary= from the RFC-822 header's Content-Type: header line. In other words, a content type part of text/plain, even on a multipart/mixed is unnecessary extra encapsulation, and just makes the mail a PITA to read because you can't trust attachments, and stupid programrs should stop doing MIME encapsulation unnecessarily, just because it's easier, or because they've figured out how, or because they're too lazy to deal with the text part being at a higher point in the hierarch than the signature part, or because they're using limited capability class libraries to implement their MIME. -- Terry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCO going after BSD???
Kris Kennaway wrote: On Wed, Nov 19, 2003 at 10:28:04PM -0600, Minnesota Slinky wrote: I talked to a couple of people who do beta testing for Microsoft and they said the issue came up a few years ago. According to them (one being my father), it has to do with security and virus protection. Again, this is second-hand, so take it for what it's worth... There's no possible sense in which this can be true. Plain text attachments do not create a security or virus risk. When your message has Content-Disposition: inline, and the handler for rendeing Content-type: text/plain happens to be Microsoft Word... -- Terry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCO going after BSD???
On Thu, Nov 20, 2003, Terry Lambert wrote: Gregory Sutter wrote: Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline These headers show that the part is not an attachment but should be displayed inline, and that it contains pure text that doesn't need a special handler to be displayed. Why Outlook Express fails to recognize this, and why Microsoft fails to issue a patch to fix the problem, is unknown. Most mail worm implmentations uses an inline disposition to force the activation of an exploitable helper program to interpret content when the message is opened. Yes, they should recognize that text/plain is not an exploitable type unless there is a registered external helper for that type that overrides internal rendering as plain text (e.g. Word), even though text/html is, bt at least they are attempting to prevent exploits these days. I'm not sure that text/plain isn't exploitable in OutLook. I seem to remeber something about Outlook interpreting a line starting with ``BEGIN '' (two spaces after BEGIN) as the start of a program to be executed. I don't use any of the Microsoft virii so, and if I did, I would never use the worm vector, Outlook, so can't confirm this. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ When only cops have guns, it's called a ``police state''. -- Claire Wolfe, 101 Things To Do Until The Revolution ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SCO going after BSD???
http://www.atnewyork.com/news/article.php/3110981 Has anyone seen this? Now SCO is apparently planning on filing suit against BSD and users like us? I had been watching the SCO vs. Linux thing from the sidelines, now it looks like we're in the game too. Sean ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCO going after BSD???
On Wed, Nov 19, 2003 at 05:44:45PM -0700, Sean Countryman wrote: http://www.atnewyork.com/news/article.php/3110981 Has anyone seen this? Now SCO is apparently planning on filing suit against BSD and users like us? Yes, it's been discussed on other lists where it's not off-topic. I had been watching the SCO vs. Linux thing from the sidelines, now it looks like we're in the game too. Don't panic, nothing's happened yet. Kris pgp0.pgp Description: PGP signature
Re: SCO going after BSD???
is this a unix thing or what. many times i get messages from the list were the message is an attachment and not in the email. was curious as to why. thanks newbie marine - Original Message - From: Kris Kennaway [EMAIL PROTECTED] To: Sean Countryman [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:52 PM Subject: Re: SCO going after BSD??? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SCO going after BSD???
On 2003-11-19 20:11 -0500, SWIT [EMAIL PROTECTED] wrote: is this a unix thing or what. many times i get messages from the list were the message is an attachment and not in the email. was curious as to why. The messages you see as attachments are messages that have been PGP signed to prove their authenticity. The problem is with Outlook Express. Not only does it fail to support PGP/MIME (many programs don't support PGP/MIME and still can display PGP signed email correctly), but it is actually broken. Outlook Express ignores the following MIME headers in the message: Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline These headers show that the part is not an attachment but should be displayed inline, and that it contains pure text that doesn't need a special handler to be displayed. Why Outlook Express fails to recognize this, and why Microsoft fails to issue a patch to fix the problem, is unknown. [ Response paraphrased from: http://lists.gnupg.org/pipermail/gnupg-users/2003-September/020155.html ] Greg -- Gregory S. Sutter Fighting ignorance since 1975! mailto:[EMAIL PROTECTED] (It's taking longer than I thought.) http://zer0.org/~gsutter/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Mail problems (was: SCO going after BSD???)
On Wednesday, 19 November 2003 at 20:11:22 -0500, SWIT wrote: is this a unix thing or what. many times i get messages from the list were the message is an attachment and not in the email. was curious as to why. thanks newbie marine - Original Message - From: Kris Kennaway [EMAIL PROTECTED] To: Sean Countryman [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:52 PM Subject: Re: SCO going after BSD??? Kris PGP signs his mail (like I do). This requires MIME. Most MUAs show text/plain attachments directly. Greg -- See complete headers for address and phone numbers. pgp0.pgp Description: PGP signature
RE: SCO going after BSD???
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gregory Sutter Sent: Wednesday, November 19, 2003 7:39 PM To: SWIT Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: SCO going after BSD??? On 2003-11-19 20:11 -0500, SWIT [EMAIL PROTECTED] wrote: is this a unix thing or what. many times i get messages from the list were the message is an attachment and not in the email. was curious as to why. The messages you see as attachments are messages that have been PGP signed to prove their authenticity. The problem is with Outlook Express. Not only does it fail to support PGP/MIME (many programs don't support PGP/MIME and still can display PGP signed email correctly), but it is actually broken. Outlook Express ignores the following MIME headers in the message: Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline These headers show that the part is not an attachment but should be displayed inline, and that it contains pure text that doesn't need a special handler to be displayed. Why Outlook Express fails to recognize this, and why Microsoft fails to issue a patch to fix the problem, is unknown. [ Response paraphrased from: http://lists.gnupg.org/pipermail/gnupg-users/2003-September/020155.html ] Greg -- Gregory S. Sutter Fighting ignorance since 1975! mailto:[EMAIL PROTECTED] (It's taking longer than I thought.) http://zer0.org/~gsutter/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I talked to a couple of people who do beta testing for Microsoft and they said the issue came up a few years ago. According to them (one being my father), it has to do with security and virus protection. Again, this is second-hand, so take it for what it's worth... Eric F Crist President AdTech Integrated Systems, Inc (952) 403-9000 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
