Re: Email based attack on University

To: debian-user@lists.debian.org
Subject: Re: Email based attack on University
From: David Wright <deblis@lionunicorn.co.uk>
Date: Wed, 2 Oct 2019 11:57:50 -0500
Message-id: <[🔎] 20191002165750.GC10069@wren.corp>
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20191002164713.GA18539@panix.com>
References: <[🔎] dc2186e3-138a-ba0e-3243-fd7766b24db2@gmail.com> <[🔎] 54ee1ddd-6324-4f70-8517-942c4a8e63aa@www.fastmail.com> <[🔎] 20191002124111.GA14534@smallapple.localnet> <[🔎] 20191002132737.GA24055@panix.com> <[🔎] 20191002140602.GA14672@smallapple.localnet> <[🔎] CAJmb-Y=vwP--0cQsF2a--9jGYb4D5tg_MhjHURzPChWCp=qJaA@mail.gmail.com> <[🔎] 20191002154641.GC9844@tuxteam.de> <[🔎] e71167d4-d48b-2e21-2756-f3cf90365241@mailoo.org> <[🔎] 20191002164713.GA18539@panix.com>

On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
> 
> > I don't believe MP3 allows executable code by specifications
> > either, so shouldn't the PNG image format.  But think of DSA
> > 4435 which affected libpng earlier this year.  When the OS
> > library for handling multimedia has flaws, if an HTML email
> > embeds a specifically crafted PNG image inlined in the content,
> > then you wouldn't even have to hit the ???preview??? button to be
> > screwed:
> 
> That would logically apply to ASCII text as well.

I'm not sure why an ASCII email would be handed to a multimedia library.

Cheers,
David.

Reply to:

Follow-Ups:
- Re: Email based attack on University
  - From: Carl Fink <carl@finknetwork.com>

References:
- Email based attack on University
  - From: Keith Bainbridge <keithrbau@gmail.com>
- Re: Email based attack on University
  - From: "Jeremy Nicoll" <jn.ml.dbn.25@letterboxes.org>
- Re: Email based attack on University
  - From: Henning Follmann <hfollmann@itcfollmann.com>
- Re: Email based attack on University
  - From: Carl Fink <carl@finknetwork.com>
- Re: Email based attack on University
  - From: Henning Follmann <hfollmann@itcfollmann.com>
- Re: Email based attack on University
  - From: Nicholas Geovanis <nickgeovanis@gmail.com>
- Re: Email based attack on University
  - From: <tomas@tuxteam.de>
- Re: Email based attack on University
  - From: Étienne Mollier <etienne.mollier@mailoo.org>
- Re: Email based attack on University
  - From: Carl Fink <carl@finknetwork.com>

Prev by Date: Re: Email based attack on University
Next by Date: Re: Does Debian have a yum security equivalent
Previous by thread: Re: Email based attack on University
Next by thread: Re: Email based attack on University
Index(es):
- Date
- Thread