Vulnerability Development mailing list archives

Re: Why not a changeling?


From: sigipp () WELLA COM BR (sigipp () WELLA COM BR)
Date: Mon, 29 May 2000 08:55:20 -0300


Hi Michael

O.K., I got the point. You are right. For protection against those viruses: how
about searching for something that might be a password, trying that to decrypt
the zip, and if it works, trying to detect a virus? Primarily the idea behind
this is that if you get a password-protected file, it would obviously be
nonsense (in terms of securing the archive) to include the password in the same
file. So I'd prefer to automagically delete these attachments if they are
encrypted and could be decrypted with a word from the message which might be a
password. I'd prefer to delete them without further checking the archive for
known viruses. Detecting possible passwords in the mail should not be too
difficult, for the text containing this password has to contain advice for the
reader to use this as a password. People who know how to find a password in the
mail without advice, and know how to use it to decrypt the zip, are normally
aware of the security problem and the logical nonsense of that.

Greetings
Siegfried Gipp
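
The filter rule proposed in the message above, sketched as an added Python example (not part of the original post): it collects words that follow a password cue in the mail body and reports whether any of them opens the encrypted zip. The cue-word list, the function names and the same-line search window are assumptions of this example.

```python
import io
import re
import zipfile
import zlib

# Assumed cue words announcing a password in the message text (not from the post).
CUE = re.compile(r"\b(?:password|passwd|pass|pwd|key)\b", re.IGNORECASE)
TOKEN = re.compile(r"[^\s<>()]{3,64}")


def candidate_passwords(body, window=6):
    """Return tokens found within `window` tokens after a cue word on the same line."""
    found = []
    for line in body.splitlines():
        for cue in CUE.finditer(line):
            for tok in TOKEN.findall(line[cue.end():])[:window]:
                tok = tok.strip(".,;:!?\"'")
                if len(tok) >= 3 and tok not in found:
                    found.append(tok)
    return found


def is_encrypted(zip_bytes):
    """True if any member has the 'encrypted' general-purpose flag (bit 0) set."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())


def opens_with(zip_bytes, password):
    """True if the first encrypted member decrypts and passes its CRC check."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        member = next(i for i in zf.infolist() if i.flag_bits & 0x1)
        try:
            with zf.open(member, pwd=password.encode("utf-8")) as fh:
                while fh.read(65536):  # reading to EOF triggers CRC verification
                    pass
            return True
        except (RuntimeError, zipfile.BadZipFile, zlib.error, NotImplementedError):
            return False


def should_drop(body, zip_bytes):
    """Policy from the post: drop an encrypted zip whose password is in the mail."""
    if not is_encrypted(zip_bytes):
        return False  # unencrypted archives go to the normal virus scan instead
    return any(opens_with(zip_bytes, pw) for pw in candidate_passwords(body))
```

Python's `zipfile` only decrypts traditional PKWARE (ZipCrypto) archives; AES-encrypted members raise `NotImplementedError` and are reported here as not opened.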

