Re: Email based attack on University

To: debian-user@lists.debian.org
Subject: Re: Email based attack on University
From: Carl Fink <carl@finknetwork.com>
Date: Wed, 2 Oct 2019 15:35:54 -0400
Message-id: <[🔎] 20191002193554.GA9607@panix.com>
In-reply-to: <[🔎] 20191002165750.GC10069@wren.corp>
References: <[🔎] dc2186e3-138a-ba0e-3243-fd7766b24db2@gmail.com> <[🔎] 54ee1ddd-6324-4f70-8517-942c4a8e63aa@www.fastmail.com> <[🔎] 20191002124111.GA14534@smallapple.localnet> <[🔎] 20191002132737.GA24055@panix.com> <[🔎] 20191002140602.GA14672@smallapple.localnet> <[🔎] CAJmb-Y=vwP--0cQsF2a--9jGYb4D5tg_MhjHURzPChWCp=qJaA@mail.gmail.com> <[🔎] 20191002154641.GC9844@tuxteam.de> <[🔎] e71167d4-d48b-2e21-2756-f3cf90365241@mailoo.org> <[🔎] 20191002164713.GA18539@panix.com> <[🔎] 20191002165750.GC10069@wren.corp>

On Wed, Oct 02, 2019 at 11:57:50AM -0500, David Wright wrote:
> On Wed 02 Oct 2019 at 12:47:13 (-0400), Carl Fink wrote:
> > On Wed, Oct 02, 2019 at 05:55:32PM +0200, ??tienne Mollier wrote:
> > 
> > > I don't believe MP3 allows executable code by specifications
> > > either, so shouldn't the PNG image format.  But think of DSA
> > > 4435 which affected libpng earlier this year.  When the OS
> > > library for handling multimedia has flaws, if an HTML email
> > > embeds a specifically crafted PNG image inlined in the content,
> > > then you wouldn't even have to hit the ???preview??? button to be
> > > screwed:
> > 
> > That would logically apply to ASCII text as well.
> 
> I'm not sure why an ASCII email would be handed to a multimedia library.

Nor am I. But "multimedia" is an imposition here. Text is also rendered by
libraries.
-- 
Carl Fink                           nitpicking@nitpicking.com 

Read John Grant's book, Corrupted Science: http://a.co/9UsUoGu 
Dedicated to ... Carl Fink!

Reply to:

References:
- Email based attack on University
  - From: Keith Bainbridge <keithrbau@gmail.com>
- Re: Email based attack on University
  - From: "Jeremy Nicoll" <jn.ml.dbn.25@letterboxes.org>
- Re: Email based attack on University
  - From: Henning Follmann <hfollmann@itcfollmann.com>
- Re: Email based attack on University
  - From: Carl Fink <carl@finknetwork.com>
- Re: Email based attack on University
  - From: Henning Follmann <hfollmann@itcfollmann.com>
- Re: Email based attack on University
  - From: Nicholas Geovanis <nickgeovanis@gmail.com>
- Re: Email based attack on University
  - From: <tomas@tuxteam.de>
- Re: Email based attack on University
  - From: Étienne Mollier <etienne.mollier@mailoo.org>
- Re: Email based attack on University
  - From: Carl Fink <carl@finknetwork.com>
- Re: Email based attack on University
  - From: David Wright <deblis@lionunicorn.co.uk>

Prev by Date: Re: Authentication for telnet.
Next by Date: Breaking the mail thread. Was: Re: Authentication for telnet.
Previous by thread: Re: Email based attack on University
Next by thread: Re: Email based attack on University
Index(es):
- Date
- Thread