Re: VIRUS: Snow White got my email address

From: Michael M. Butler (
Date: Sat Mar 03 2001 - 18:34:33 MST wrote:
> "Michael M. Butler" wrote:
> >
> > FYI to the list: it might be making the rounds again. Don't open .exe

> As to authentication by sender, that's bogus, as many worms send themselves
> on automatically, and morever, headers are easily forged, so ackphtphtphtpht.

I did not say "apparently from" or "having a header saying 'from:'"--I
said "from". But I should have worded it even more strongly: don't run
executables. :)

> I suggest using a mailer written in a buffer-overrun-free language, running
> on an OS with decent security, and accept only executables from a trusted
> source, as verified by having a good signature. Though a worm could snarf a
> PGP/GPG passphrase, that threat model is strictly theoretical.

In fact, I am putting FreeBSD on a machine this very weekend. If it
turns out to be fragile, I'll move to OpenBSD.


This archive was generated by hypermail 2b30 : Mon May 28 2001 - 09:59:39 MDT