Bugtraq mailing list archives
Re: MIME question...
From: t-jont () microsoft com (Jonathon Tidswell)
Date: Tue, 28 Mar 95 18:30:55 TZ
---------- | From: Pete Hartman <pwh () bradley bradley edu> | To: <bugtraq () fc net> | Subject: Re: MIME question... | Date: Monday, 27 March 1995 12:12 | >has anyone on this list heard of an "auto-execute MIME extension"? is | >this an issue? the question arose when i doubted the likelihood of | >a "virus" being launched via reading an e-mail message. Its real. Its not Microsoft. Its a research project at a couple of places. Preliminary reading is a paper in an '80s CSCW conference. The title is something about "Computational Email", and its by Nathanial Borenstein then at Bell Labs. This used lisp + curses, later work is based on Tcl and Tk, and is known as safe-tcl. | >your thoughts? The security approach is ad-hoc but seems thorough. Assuming the security stuff is thorough :-) then virii are not a concern, although denial-of-service attacks are. | The closest to this I've heard of is also a potential problem with | some Web Browsers. | | If you can invoke a sufficiently sophisticated postscript interpreter | with an email message or a web graphic, you can embed code to do | unintended things, since PostScript is a full language. Indeed which is why you should set the flags for Ghostscript to not process file and other security threatening commands. I presume other postscript viewers have at least the functionality of ghostscript:-) The same is true of all documents which include scripting components. Which I guess will be the next generation of word processors from major vendors. - Jon Tidswell Disclaimer: I am a postgraduate student on a scholarship not an employee of Microsoft ... I think my thoughts are my own and I believe my writings are too.
Current thread:
- MIME question... robert owen thomas (Mar 17)
- Re: MIME question... Doug Hughes (Mar 17)
- <Possible follow-ups>
- Re: MIME question... Pete Hartman (Mar 27)
- Re: MIME question... r.evans () ic ac uk (Mar 28)
- Re: MIME question... mueller_scott (Mar 28)
- Re: MIME question... Jonathon Tidswell (Mar 28)
- Re: MIME question... Christian Wettergren (Mar 29)
- Request to Join Mailing List BRUCE.SHELDON () STATE MN US (Mar 29)
- Network Monitoring and Control (announcement) Mike Neuman (Mar 29)
- Network Monitoring and Control (announcement) Mike Neuman (Mar 29)
- Network Monitoring and Control (announcement) Mike Neuman (Mar 29)
- Network Monitoring and Control (announcement) Mike Neuman (Mar 29)
- Re: Network Monitoring and Control (announcement) Christopher D. Heer (Mar 30)
- Network Monitoring and Control (announcement) Mike Neuman (Mar 29)
- Re: Network Monitoring and Control (announcement) root (Mar 30)
- Re: Network Monitoring and Control (announcement) Christopher Samuel (Mar 31)