[govsec] Morris Worm and a Change in Direction
nicolas vigier
boklm at mars-attacks.org
Fri Nov 5 15:52:24 EST 2004
On Fri, 05 Nov 2004, jmetz at intac.com wrote:
>
>
> one question bothers me in almost every situation all mail (to any
> Governmental officer) is considered either questionable or often non
> deliverable to the intended recipient mostly this has been because of the
> potential of virus/worm delivery.
>
> Yet in all the years of Email no one has ever considered mail conversion
> prior to delivery.
>
> Why has no one ever setup a system of conversion to pdf in the mail system.
> This would be one way to insure that real information would be transfered
> no matter how it was sent.
>
> A stand alone mail Gateway which automaticly strips all mail html or plain
> text ( oe even preexisting PDF converting it to pdf and then transposting
> it to the intended recepient would prevent most worms/virus from ever
> getting through.
I don't see how it can be a solution. People who use bogus email client
like Outlook Express to display html mails will maybe use a bogus pdf
viewer. The problem is not with HTML or PDF, it's with people who use
vulnerable programs, and in a good email client an HTML message is not
supposed to be able to run a program.
--
gpg fp: 8a7e 9719 b38d 97c6 6af0 d345 12a0 3708 2c8c 3c11
http://boklm.mars-attacks.org/
More information about the govsec
mailing list