| Who we are | Organizations | Get Involved! | Helpdesk |
| Weblog | About FLORA | Server project | F.A.Q. |
|
|
|||||||
| ||||||||
Election 2006 (and beyond): Digital Copyright Canada
From: Russell McOrmond <russell_-at-_flora.ca>
To: Free/Open-Source Software Community Networking/Computing <comnet-www_-at-_flora.org>
Date: Wed, 19 Mar 2003 10:03:01 -0500 (EST)
I have posted earlier that I make use of an auto-responder for Microsoft Outlook attachments. It is a simple procmail recipe which checks if the message is from Microsoft Outlook, and contains an attachment. It then filters the message into a folder called 'outhouse', and then sends the following automatic response. ---cut--- Note: This is an automated message. Russell McOrmond did not receive your email. Due to the proliferation of Microsoft Outlook based viruses, I no longer accept messages from Microsoft Outlook which contain attachments of any type. This includes messages which have HTML or Rich Text. If you need to get an attachment to me, please send it via some other email software or write to me (without attachment of any type) to ask about alternatives. If you did not intend to send an attachment, please read the following page which has notes on how to configure many email packages to send plain text email: http://www.flora.org/flora/help/flora-admin-help/1083 /"\ \ / X ASCII RIBBON CAMPAIGN / \ AGAINST HTML MAIL Russell McOrmond FLORA Community Consulting http://www.flora.ca/ ---Further reading--- It needs to be remembered that the viruses that attack various email packages, primarily those from Microsoft, are not the result of accidents. They are the result of deliberate design flaws, where adequate security warnings were provided by the standards bodies that documented the Email standards. Nor should the blame be put only onto the authors of the malware who make use of these design flaws. If someone put a sign on their own unlocked door saying "please walk in and steal from me", would you put all the blame for this crime on the person that commits the theft? The relevant standards document that Microsoft needed to read in order to implement file attachments is the following: http://rfc.sunsite.dk/rfc/rfc1341.html , dated June 1992 Which was updated by: http://rfc.sunsite.dk/rfc/rfc1521.html , dated September 1993 Which was updated by: Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types http://rfc.sunsite.dk/rfc/rfc2046.html , dated November 1996 See: 4.5.2. PostScript Subtype Postscript is given as a popular file format at the time which contained a rich enough language to contain scriptability. The same security warnings apply to HTML, PDF and especially Microsoft Office files which also contain scripting feature. These files were likely not mentioned as they were not yet popular to be transmitted by email. Pretty much all the high profile (those that are bad enough that they show up in the mainstream media) viruses make use of this design flaw where Microsoft Outlook will automatically view an attachment, and the attachment viewer automatically executes scripts that are contained in the attachment. Microsoft Outlook was first released as part of Microsoft Office 97, released late 1996. Outlook replaces Microsoft Exchange client, which replaced Microsoft Mail in 1996. To the question "Does Microsoft Mail support MIME?", the comp.mail.mime FAQ said "almost--maybe". http://www.uni-giessen.de/faq/archiv/mail.mime-faq.part1-9/msg00001.html The important part to remember is that Microsoft was warned before they wrote or released the relevant software, and they deliberately ignored the security warnings contained in the standards documents. These critical security related design flaws have still not been fixed almost 7 years later. Some members of the IETF believe that Microsoft should be held accountable as criminally negligent for the proliferation of these viruses. http://www.digital-copyright.ca/discuss/1563 ---cut--- -- --- Russell McOrmond, Internet Consultant: <http://www.flora.ca/> Any 'hardware assist' for communications, whether it be eye-glasses, VCR's, or personal computers, must be under the control of the citizen and not a third party. -- http://www.flora.ca/russell/
| Please read the FLORA.org Terms and Conditions before you submit information to FLORA.org | |
Join the Blue Ribbon Online Free Speech Campaign(USA) (Canada) |
 FLORA Community Web
(FLORA.ORG) is sponsored by FLORA
Community Consulting (FLORA.CA).
|