Re: OT: Vulnerable MUAs ...
begin Frank wrote 644 > > |grep -iE 'microsoft|eudora' |wc -l > >1757 > I wonder if it would change some MUA's behaviour or the selection > criteria of some IT managers if some big lists/list providers would > start to block mail from certain MUAs for self defense. > For sure it would bring the lawyers in quickly. And on what grounds would they act in your opinion? Felix
Re: Vulnerable MUAs ...
Robin S. Socha([EMAIL PROTECTED])@2001.04.24 08:07:51 +: > --> > > find pine4.33 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l >3817 even if the quantitative analysis does not make _that_ much sense...: rohrbach@WM:datasink[~/src/stdbuild.mua]59% find mutt-1.2.5 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l 96 actually there's a difference, yes ;-) /k -- > "The path of excess leads to the tower of wisdom." -- W. Blake KR433/KR11-RIPE -- http://www.webmonster.de -- ftp://ftp.webmonster.de [Key] [KeyID---] [Created-] [Fingerprint-] GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
Re: Vulnerable MUAs ...
-BEGIN PGP SIGNED MESSAGE- Robin S. Socha wrote: >You forgot something, David... >find pine4.33 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l > 3817 > >Now, why on earth are *you* running qmail instead of sendmail? }:-> *gulp* Fair enough. =) - -d - -- David Talkington http://www.spotnet.org PGP key: http://www.prairienet.org/~dtalk/dt000823.asc -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQEVAwUBOuW7Cb1ZYOtSwT+tAQGUagf/QqZh6XreI8cHWX7E4FhKIDLqJDJCHsgo MYLIV5DUwVYl/MgqRdc32ZRXq5MjQU9G8OJ1FjP1lLgMY225RGudNdjnib8moHxI Wov0LQ2jTtzAC9irSF1GUjlRnY+5lOSeRjs54emzpfeAFswwDehQ1EcHOK0qOjgk wbtpH7IkaqLF+4UgkiNmaPNLaGs5K1fLBIQrBltcAqtKbxwbbBv6DYjTkrDt1ody 9lrPndeMu/u66R2WhuhBmkWuYvuTJ6x1qG2xAUKK1lGg6YvE8CVzWH26gSzAPxTz MGrT/GiezmpCJsPRxAPGavEW099UNJ59Hr/TbWw1XZM70V5D4E+efA== =U2rT -END PGP SIGNATURE-
Re: Vulnerable MUAs ...
* David Talkington <[EMAIL PROTECTED]> writes: > Charles Cazabon wrote: >> I daresay the majority of people on this list are clueful enough to >> not run vulnerable email clients. > In a quick not-quite-scientific survey of 6,757 messages in my > qmail-list folder: > pnet4:djb 522 $ grep -i ^X-Mailer: qmail \ > |grep -iE 'microsoft|eudora' |wc -l >1757 You forgot something, David... Message-ID: <[EMAIL PROTECTED]> --> find pine4.33 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l 3817 Now, why on earth are *you* running qmail instead of sendmail? }:-> -- Robin S. Socha http://my.gnus.org/ - To boldly frobnicate what no newbie has grokked before.
OT: Vulnerable MUAs ...
> |grep -iE 'microsoft|eudora' |wc -l >1757 I wonder if it would change some MUA's behaviour or the selection criteria of some IT managers if some big lists/list providers would start to block mail from certain MUAs for self defense. For sure it would bring the lawyers in quickly. Regards, Frank
Re: Vulnerable MUAs ...
-BEGIN PGP SIGNED MESSAGE- David Talkington wrote: >Yes ... it was mentioned to me privately that Eudora 3 (which Mr. >Mershberger uses) is standalone. My apologies for the misspelling, Mr. Merchberger; my excuse is that it's been a 14-hour work day. - -d - -- David Talkington http://www.spotnet.org PGP key: http://www.prairienet.org/~dtalk/dt000823.asc -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQEVAwUBOuT2H71ZYOtSwT+tAQH0DQf/cCzW9+xr0u64a4GObDIwGDFUbkJus7YF buYymMo2ZBJ1h74x8glBlwkbIqmtEaYd8o+MKZGUyi+2h11YH3Nj0t/ECevT6RhP 9kiRQjryGCg7kcWvf/2/mNlQ+4lYswDrwY7mBMGiZbn6JPk/JiGM2AgvWxmxOwTr dibntH8rVm726HoQ+ax3AkO1uEpPEk86VlbrrUn/19bnKpHY2P2kPeGzxTTfztpy 8r3EDsDQ2yIZj6UKWU798LIXdXiDb9IwEWi2krF04yS8XnAlnzH1aAbqqUNcaMDs Vjb6sVhXsllw97I9j10vyF8kcjTfIXP6xSV6znlTvp8bIUgBRe0Jmw== =wLop -END PGP SIGNATURE-
Re: Vulnerable MUAs ...
-BEGIN PGP SIGNED MESSAGE- Peter Cavender wrote: >Well it certainly can't use IE's engine if I have _no_ Microsoft software >on my Macintosh. Indeed. >I have been using eudora for 5 years, and have had zero >problems. It doesn't execute anything, and it seems to have it's own HTML >render engine. Yes ... it was mentioned to me privately that Eudora 3 (which Mr. Mershberger uses) is standalone. If you _do_ know of any documented problems with eudora, >please refer me to them. Methinks this is the sort of thing that came to mind: http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=P&S=&P=8505 And, of course, it's a non-issue for the clueful, who don't use HTML mail. - -d - -- David Talkington http://www.spotnet.org PGP key: http://www.prairienet.org/~dtalk/dt000823.asc -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQEVAwUBOuT1db1ZYOtSwT+tAQG7kgf+LNCQhz04dKDK2z7I7ETw91ZtPDoBbPjO ZD+1eTXLyV178n5ffjplnTncJjeaL8TeUJZjSMft60KrA3c1Omc0Mcaib7IbttS3 gq+W3qN4RzwFkkAuqD40FDM1AdF189l3gKgSGgtU8GE+q0i+xCha9/2lUJxd0yx3 9U9+Nz/6ZpqX6PoJ99L98CeqEIFFzBFgcmD76/vqLcKh7clWUaGkOYZC/ht9s4Ax T8jVAkRl3UaMKrWOJx/KPmPLK28PD3bfAOfzDHWlpbbAz6o/aL2EynDzHSBi3LJV jpZ4oJ8TzUV5WntQguxmTEZBnagP4W37mUJ/NK3ETePZ6lW8MfkmhA== =M/rZ -END PGP SIGNATURE-
Re: Vulnerable MUAs ...
On Mon, 23 Apr 2001, David Talkington wrote: > -BEGIN PGP SIGNED MESSAGE- > > Roger Merchberger wrote: > > >Just because one runs (for example) Eudora doesn't mean one's not clueful... > > No offense intended. I believe Eudora uses IE's engine if you choose > to use HTML mail (which the clueful user won't, of course), and has > been affected by IE vulnerabilities for that reason, hence its > (perhaps unwarranted) inclusion in my search. > Well it certainly can't use IE's engine if I have _no_ Microsoft software on my Macintosh. I have been using eudora for 5 years, and have had zero problems. It doesn't execute anything, and it seems to have it's own HTML render engine. If you _do_ know of any documented problems with eudora, please refer me to them. --Pete
Re: Vulnerable MUAs ...
-BEGIN PGP SIGNED MESSAGE- Roger Merchberger wrote: >Just because one runs (for example) Eudora doesn't mean one's not clueful... No offense intended. I believe Eudora uses IE's engine if you choose to use HTML mail (which the clueful user won't, of course), and has been affected by IE vulnerabilities for that reason, hence its (perhaps unwarranted) inclusion in my search. - -d - -- David Talkington http://www.spotnet.org PGP key: http://www.prairienet.org/~dtalk/dt000823.asc -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQEVAwUBOuTOtr1ZYOtSwT+tAQFBmQf9GXIwQl54GTzlQobZCWDISizjNXzRw9Bm kM+AIswmM2mdOo2R5E72RIMy7W1D6DHIRMVSE3/IyICcfDjHCaGNIwX/tXeaeWzA 9MXnFQSl7SMjMHbYi6KcEX9TxcHHttCOlIUe0zW2/wz1ZKodPZyuJEfX0vt7WWlS FvObC0J0OvdP4dGLSRy835meV8VY4Liet3DstQ7bjYyvSs/M7sxmtlDKv04+RbCX JXNEAKc7qxcMmBsYW+rsxe2R1+TSSX5rY5JZXmTXdaLjkdI0BFPNgPf8bTCoUZIk HVWHmg/A8WAA+4qRtwwxcAHldoEWGcWtVd8nwu1UkMiqQvl8jg+0Fg== =Sppa -END PGP SIGNATURE-
Re: Vulnerable MUAs ...
Rumor has it that David Talkington may have mentioned these words: >-BEGIN PGP SIGNED MESSAGE- > >Charles Cazabon wrote: > >>I daresay the majority of people on this list >>are clueful enough to not run vulnerable email clients. > >In a quick not-quite-scientific survey of 6,757 messages in my >qmail-list folder: > >pnet4:djb 522 $ grep -i ^X-Mailer: qmail \ >|grep -iE 'microsoft|eudora' |wc -l > 1757 > >Which works out to 26% of the traffic. Of course, that doesn't >establish the number of unique senders in those figures, but still ... >not as small a minority as I would have thought ... Just because one runs (for example) Eudora doesn't mean one's not clueful... I run Eudora (3.0 pro) which doesn't open anything you don't want it to, HTML disabled, and Norton Antivirus updated weekly (or so...) I've been running qmail since 0.96 (1995) and while I'm no brain surgeon, I do happen to still have a wee bit of gray matter still functioning... However, in the spirit of this thread, as soon as someone donates some VMS documentation to me (7.2 for the Vax would be preferable, but I won't be too picky... ;-) I'd be more than happy to use my VaxStation 3100/m38 to do my home email -- then I can use a real operating system & not worry about virii... :-) Too bad qmail won't run on it... :-( Just MHO, Roger "Merch" Merchberger -- Roger "Merch" Merchberger --- sysadmin, Iceberg Computers Recycling is good, right??? Ok, so I'll recycle an old .sig. If at first you don't succeed, nuclear warhead disarmament should *not* be your first career choice.
Vulnerable MUAs ...
-BEGIN PGP SIGNED MESSAGE- Charles Cazabon wrote: >I daresay the majority of people on this list >are clueful enough to not run vulnerable email clients. In a quick not-quite-scientific survey of 6,757 messages in my qmail-list folder: pnet4:djb 522 $ grep -i ^X-Mailer: qmail \ |grep -iE 'microsoft|eudora' |wc -l 1757 Which works out to 26% of the traffic. Of course, that doesn't establish the number of unique senders in those figures, but still ... not as small a minority as I would have thought ... - -d - -- David Talkington http://www.spotnet.org PGP key: http://www.prairienet.org/~dtalk/dt000823.asc -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQEVAwUBOuS6J71ZYOtSwT+tAQFPjggApafwdSzS16ZhA6XSvTQ7vrfVXdRajScp EGsKfHGR1yZNd4iuaBe+h2a8kPiTWU9Ryn4a9hMnOqqwxcs0iJleJyT/ncVQiB6q p8WozeGL5iKyifL/pXsgQ1YgXYi8MKrnNmeHZ2xI3dIwY50EEFCjMgXwHDnBAIvt qFT7UuXd+h+YNU1rWxzUn2BarIHvy2fC/YjvWqKiKIbph3BlSo1q2NfsnU4kM1w0 QsAmi9mOHLmQKonl9mgZvrbsWTf9Plt/BYxK+Oyc2iCrv/t1TGk7F+CNbx/gxAa8 pLNHD8Q6a3QMb1M3i9N2cdHxggfljQY2esfM7Alj/WOUuOG9hYmUEQ== =VBnG -END PGP SIGNATURE-