Re: Bogus reply-to - fun

To: John Summerfield <debian@ComputerDatasafe.com.au>
Cc: debian-user@lists.debian.org
Subject: Re: Bogus reply-to - fun
From: Alvin Oga <aoga@ns.Linux-Consulting.com>
Date: Sat, 7 Aug 2004 20:48:09 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1040807204304.22479A-100000@Maggie.Linux-Consulting.com>
In-reply-to: <[🔎] 41159F7D.4020207@ComputerDatasafe.com.au>

On Sun, 8 Aug 2004, John Summerfield wrote:

> I presume Alvin thinks that sending mail  to &halt;@their-domain.com  
> might  shutdown someone's system. Might.

"might" was the whole point of the entertainment
( if it works, it'd be super hilarious - esp since its NOT supposed to
work )

> It's pretty improbable that it would work because
> a) If so, It's a pretty obvious security vuln that would have been 
> noticed by now if it existed in any mainline software.

too many new mua coming online daily ... and people tweeking this
and tweeking that for "their version of i want it this way"

> b) /sbin and /usr/sbin are not normally in users' paths.

not normally, but how many have it set ..
( how many went in an added it for non-root users )

> c) Halting someone's computer might be inconvenient, but rarely harmful.

inconvenient is a good way to show what could have been worst

> Note that if this could be done, Linux would be a pretty handy medium 
> for distributing viruses and spam.

they're having too much fun writing stuff for the other boxes

c ya
alvin

- for the dup emails ... its just super odd that that the unwanted
  cc arrives after the posts to the public list have already occured ...

Reply to:

References:
- Re: Bogus reply-to
  - From: John Summerfield <debian@ComputerDatasafe.com.au>

Prev by Date: Re: Sid is Sid, before or after a release, right?
Next by Date: Re: Bogus reply-to - dups
Previous by thread: Re: Bogus reply-to
Next by thread: Re: Bogus reply-to
Index(es):
- Date
- Thread