[Asterisk-Users] MS Outlook

Andrew Joakimsen andrew at envisionstudio.net
Mon Sep 22 20:33:37 MST 2003


And we all certainly know that Windows is so secure. I am by no means a
Linux or Windows fanatic, they each have their strong spots.

And I find this thread a little off topic, totally not related to
Asterisk or VoIP/phone systems.

> -----Original Message-----
> From: asterisk-users-admin at lists.digium.com [mailto:asterisk-users-
> admin at lists.digium.com] On Behalf Of Sean Heiney
> Sent: Monday, September 22, 2003 10:55 PM
> To: asterisk-users at lists.digium.com
> Subject: RE: [Asterisk-Users] MS Outlook
> 
> Go back to your cave.
> 
> On your way, don't forget to patch sendmail (twice in the last 30
days),
> OpenSSH, gtkhtml, and pam_smb..... Just in the last month. Linux.
> Security. Made for the Internet. Made for the cave.
> 
> 
> Regards,
> 
> Sean
> 
> 
> 
> -----Original Message-----
> From: asterisk-users-admin at lists.digium.com
> [mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Steven
> Critchfield
> Sent: Monday, September 22, 2003 3:58 PM
> To: asterisk-users at lists.digium.com
> 
> On Mon, 2003-09-22 at 15:30, Sean Heiney wrote:
> > Actually, MS Outlook by default blocks all executables. I'm not sure
> > why there is so much negativity around the Outlook client.  Perhaps
we
> 
> > should all go back to the cave and use Pine.
> 
> I'll assume you don't understand the english words you just wrote well
> enough to defend yourself. Outlook does not block executables. It
> receives them via mail like any other mail message. It by default
> doesn't run executables that are sent as executables. But we all know
> about the current stupidities of Microsoft in that they look at the
mime
> header to determine if it is safe to use the file(wav, mid, txt,
> whatever that should be a data file), but then executes the file so
that
> they can use a shortcut to whatever app you defined to run that data
> file with. The problem being that they package exe files with a mime
> header for one of those innocuous files and the executable shortcut
runs
> the virus. Not to mention that Outlook is set to by default to display
> HTML email and that a HTML mail with an embedded link to the "data"
file
> inside will cause automatic running of the virus.
> 
> So Outlook is not going to block the attachment from taking up
residence
> on your drive. Outlook has poor security checking, and can be easily
> tricked into doing evil things.
> 
> Microsoft recently stated themselves that Windows is not designed to
sit
> on the internet out of the box, but requires a fair amount of
hardening.
> This applies to all their other software as well as it is all tightly
> integrated. Admit it, Microsoft has been patching crap software for a
> long time. Linux had an advantage of not caring about market share and
> trying to do things the right way. Linux also grew up after the
internet
> was around and while it was gaining popularity therefore it has had to
> grow up in a rough neighborhood and keep itself hardened.
> 
> 
> > -----Original Message-----
> > From: asterisk-users-admin at lists.digium.com
> > [mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Steven
> > Critchfield
> > Sent: Monday, September 22, 2003 2:10 PM
> > To: asterisk-users at lists.digium.com
> >
> > On Mon, 2003-09-22 at 13:42, Brian West wrote:
> > > I second that... I have received a load of virii from people on
this
> 
> > > list..
> > >
> > > Received: from torch.junct.com (sootbox.junct.com [65.168.64.10])
> > >         by www.bkw.org (8.11.6/8.11.6) with ESMTP id h8MIcEJ06998
> > >         for <brian at bkw.org>; Mon, 22 Sep 2003 13:38:14 -0500
> > > Received: from wdxmvur (unknown [207.41.124.63])
> > >         by torch.junct.com (Postfix) with SMTP
> > >         id 461DF4159; Mon, 22 Sep 2003 13:37:08 -0500 (CDT)
> >
> > For those of you that have no reason whatsoever to receive windows
> > executables, here is a procmail rule that matches the beginning of a
> > windows executable no matter what it is named.
> >
> > # Base 64 encoded windows executable
> > :0B:
> >
*TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > AA
> > AAAAA
> >
> >
> > You can use this and deliver the mail wherever you want to. This
works
> 
> > on the last Sobig, klez and the Swen virus so far. This is what I
had
> > in my virii folder to test it against.
> >
> > --
> > Steven Critchfield  <critch at basesys.com>
> >
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> --
> Steven Critchfield  <critch at basesys.com>
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users




More information about the asterisk-users mailing list