Re: SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 08/16/02
- Previous message: http-equiv@excite.com: "Re: SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0"
- Maybe in reply to: http-equiv@excite.com: "SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0"
Date: Fri, 16 Aug 2002 09:15:07 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http-equiv sent a message to NTBugtraq yesterday that set off over 500 email virus alerts.
I think it's great that so many people are doing email filtering these days, but I would also advise you that messages which might set off your alarms come to NTBugtraq regularly. It's impossible to discuss the issues surrounding potential vulnerabilities without setting off alarms occasionally, particularly when those alarms are so loosely defined.
One write-up on the issue that set off your alarm yesterday can be read at:
http://vil.nai.com/vil/content/v_99383.htm
Email filters typically can't distinguish well between exploitable code in an email, versus text representing the exploitable code. Partly that's because some mail clients may execute the exploitable code regardless of where it's found in a message (Eudora had that problem once).
Anyway, expect malicious email from NTBugtraq. Unsubscribe if this causes you problems. It would be better if you could allow messages from NTBugtraq to by-pass your filtering and, instead, be read with caution expecting that any message might exploit a vulnerability in your mail reading program.
I know that a message sent to the list is not going to auto-execute in popular environments that are reasonably patched. I verify that before a message is sent to the list. This doesn't mean it's not going to set off your AV program. But then your AV program going off doesn't always mean it's an actual virus.
There are, regularly, 100+ subscribers whose email filters invariably trigger because of words, content deemed to be spam, or false detections of malicious content. In future, these subscribers will be removed when they auto-respond.
Automatic responses to messages posted to NTBugtraq are the single biggest cause for people not wanting to post their discoveries to the list. For whatever reasons, we have far more auto-responders than Bugtraq and other lists. I already automatically remove anyone who auto-responds with an Out of Office agent.
Please, try and avoid automatic responses to NTBugtraq messages.
Cheers,
Russ - NTBugtraq Editor
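
The distinction the message above draws between exploitable code in an email and text representing that code, as an added example that is not part of the original post: a raw substring scan next to a scan that reports which MIME part a match sits in. The signature string, the `ACTIVE_TYPES` set, the function names and both sample messages are constructed for illustration.

```python
from email import message_from_string

# Constructed stand-in for a scanner signature; not a real exploit string.
SIGNATURE = "EXAMPLE-SIGNATURE-STRING"
# Assumption: part types a mail client renders instead of showing as text.
ACTIVE_TYPES = {"text/html"}

# Constructed sample 1: a plain-text list post that only quotes the pattern.
DISCUSSION = (
    "From: poster@example.org\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "The pattern scanners key on is EXAMPLE-SIGNATURE-STRING.\n"
)

# Constructed sample 2: the same bytes inside a part the client would render.
HTML_MAIL = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n\nsee html part\n"
    "--b1\n"
    "Content-Type: text/html\n\n"
    "<html><body>EXAMPLE-SIGNATURE-STRING</body></html>\n"
    "--b1--\n"
)

def naive_scan(raw):
    """Flag the message if the signature appears anywhere in the raw text."""
    return SIGNATURE in raw

def context_scan(raw):
    """Return (content_type, verdict) for each leaf part holding the signature."""
    hits = []
    for part in message_from_string(raw).walk():
        body = b"" if part.is_multipart() else (part.get_payload(decode=True) or b"")
        if SIGNATURE.encode() in body:
            ctype = part.get_content_type()
            active = ctype in ACTIVE_TYPES or part.get_content_disposition() == "attachment"
            hits.append((ctype, "active-context" if active else "quoted-as-text"))
    return hits
```

The raw scan flags both samples identically, which is the false-alarm case described above. Because some mail clients may act on content regardless of where it is found, the `quoted-as-text` label is a triage hint and not a verdict that the message is safe.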