ad it (IMAP showed it as base64 BTW).
I'd guess it's something to do with line delimiters and how Winblows does it
with Q-P vs how it should have been done.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint:
t; recompile. The simpler solution of course is not to send such a
> complex message.
...or simply zip up the complex message before sending it. That'll fix it
;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerp
e too many bugs (primarily with Outlook BTW) that
happen because of the casual manner in which MUAs parse MIME. These
inconsistancies lead to exploits.
This has to end. The only way to do this is to TIGHTEN up what is classified
as acceptable - not to loosen it.
--
Cheers
Jason Haar
Informatio
e user that a configuration change has
occured, so that they don't send their password?
I don't think so ;-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C06
passwords, then they just rewrite your app to log the cleartext
password before doing the hash-test.
Game over Man.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9
ns allow you to put the cert on them. So it's not available to the
Operating system as it doesn't need it at all.
Pretty hard to steal the cert then - but it can and has been done before...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fa
on-purpose to me, but I'm hoping someone else here has
figured out the missing link to get this working for me. There seems to be a
lot of people on the 'Net doing this, so I suppose it's possible?!?
Any ideas?
Thanks
--
Cheers
Jason Haar
Information Security Manager, Trimble N
Any site providing Web access to e-mail should have a standalone Web
interface in their DMZ with (probably) IMAP access to that real backend
server.
Running NFS/MAPI/SMB from a DMZ to a LAN is not a good idea. The security
implications are rather huge.
--
Cheers
Jason Haar
Information Security Ma
and create their home dirs from that. Then all
the rest of the Winbindd stuff works.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
it means people can - say - gateway access to your internal
servers via it (that's ANY internal server - telnet, smtp, web, etc)
The content of that message looks like something by an ORBS-like creature -
so it's found an open proxy on your network, and is trying to relay a mail
mess
wish), or alter the clients.
Reality is, other products will have to support this feature themselves Real
Soon Now - DoS attacks aren't going away, and this feature can really help -
I've personally used it to stop resource exhaustion from a known bad client.
--
Cheers
Jason Haar
Inform
components
too. So chances are, there are more problems with Courier than those others
(sorry Sam ;-). That's just a probability issue of course - no proof so far
(touch wood ;-)
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3
12 matches
Mail list logo