On Thursday, June 26, 2003, at 07:11 AM, Jim Ray wrote:
[snip]what was the security problem with winmail.dat? a buddy of mine that works for microsoft is interested in correcting the problem.
also, i looked at the trilug.org web site and pulled up one of my posts with winmail.dat. it looked like a bunch of garbage. any way to get the message back, or is it toast?
i don't really know what winmail.dat is; however, this
one guy really got his panties in a wad over it and
cited security reasons.
Jim,
If you're referring to my original complaint, you are (to put it kindly) prone to exaggeration, overreaction and outright fabrication. I've copied your Microsoft buddy because you've been spoon feeding him some tall tails.
What I *really* said was:
Jim could you please have a look at: http://support.microsoft.com/support/kb/articles/Q241/5/38.ASP http://support.microsoft.com/support/kb/articles/Q138/0/53.ASP http://www.microsoft.com/TechNet/exchange/2505ch10.asp
Microsoft doesn't even want winmail.dat attachments going out to the Internet (let alone the majority of people on a Linux mailing list), and it can be disabled by the sender. The purpose of these attachments is entirely for internal email use where all recipients are known to be using Outlook.
I'm posting to the list for the benefit of the archives in case someone else starts sending these winmail.dat attachments to the list.
(Don't take my word for it; this is in the archives)
And my other earlier more subtle response to your attachments was:
On Thursday, May 1, 2003, at 01:20 PM, Jim Ray wrote:
but but but i don't like spam...[snip]<winmail.dat>
Or unwelcome file attachments for that matter. :-(
It was not expressed or implied that this was a security problem. You made this up.
And the winmail.dat is not only attached when Mac users check their mail; an attachment is an attachment, and everyone will get it (it shows up in mutt & pine both, as well as Mail.app). Even your Microsoft buddy should know that. His employer published every one of those three white papers I linked to with regards to shutting these things off and not sending them to external recipients.
Jim, maybe you should just bite the bullet and hire a consultant that understands Windows systems to get that little problem of yours fixed up. Maybe you can also read up on PGP signatures, and realize that they are useful while winmail.dat is not. There is probably a basic class somewhere you can take to get up to speed, or maybe hire someone who knows their way around how to use email to show you around.
(As for [EMAIL PROTECTED], I'm sorry if Jim fed you a line of crap and if you trusted his word & ate it. Really. I'm just a humble UNIX guy and even I figured out how to fix my Exchange server to not do this when I had one under my care. Why this small problem has turned into such a big deal boggles the mind.)
--
C. Magnus Hedemark http://trilug.org/~chrish PGP Key fingerprint = 984D 9A88 3D60 016F BE01 1506 60FB 85E1 9ABD 96F6
PGP.sig
Description: PGP signature
