Eugene.Leitl@lrz.uni-muenchen.de wrote:
>
> "Michael M. Butler" wrote:
> >
> > FYI to the list: it might be making the rounds again. Don't open .exe
> As to authentication by sender, that's bogus, as many worms send themselves
> on automatically, and morever, headers are easily forged, so ackphtphtphtpht.
I did not say "apparently from" or "having a header saying 'from:'"--I
said "from". But I should have worded it even more strongly: don't run
executables. :)
> I suggest using a mailer written in a buffer-overrun-free language, running
> on an OS with decent security, and accept only executables from a trusted
> source, as verified by having a good signature. Though a worm could snarf a
> PGP/GPG passphrase, that threat model is strictly theoretical.
In fact, I am putting FreeBSD on a machine this very weekend. If it
turns out to be fragile, I'll move to OpenBSD.
Mike
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 09:59:39 MDT