Hello Stefan Tanurkov,
On Tue, 7 Mar 2000 12:12:40 +0200 GMT your local time,
which was Tuesday, March 07, 2000, 5:12:40 PM (GMT+0700) my local time,
Stefan Tanurkov wrote:
n>> 2. "The Bat!" doesn't check headers of the incoming message to contain
n>> this header (and this is even more dangerous). Intruder can spoof this
n>> header, for example to specify
n>> X-BAT-FILES: C:\WINDOWS\user.dat
n>> in message headers. In this case user.dat will appear as message
n>> attachment! If recipient will forward this message user.dat will be
n>> attached to forward. If recipient will delete this message and option
n>> "Delete attached file then message deleted from trash folder" is
n>> checked C:\WINDOWS\user.dat will be deleted.
> This simply is not true. The Bat! cannot delete a file located outside
> the attachment directory. I would delete half of my files otherwise
> :-) Moreover, I have a creeping suspicion that the option to delete
> attached files when the containing messages are deleted from Trash is
> ignored - if so, it will be fixed, I promise :-)
But I thought that Steve posted this as coming from a respected
security mailing list....
You mean they post warnings without checking if the warnings are
correct? (g)
Best regards,
tracer
--
Using theBAT 1.41 Beta/5 with Windows 98
mail to : [EMAIL PROTECTED]
I am using FireTalk: 321338
ICQ: on request
Website: www.phuketcomputers.com
Our special website hosting/mailservers are now operational
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : archive@jab.org
