Autor: Alan J. Flavell Data: Dla: Exim users list Temat: Re: [Exim] W32.Swen@MM
On Mon, 22 Sep 2003, Andreas Metzler wrote:
> On Sat, Sep 20, 2003 at 07:18:06PM +0100, Alan J. Flavell wrote:
> > Some of our users don't seem to be able to be persuaded to desist from
> > sending tens of MBytes or more, no matter how often one suggests to
> > them that it is more effective (and safer) to put their material on an
> > unlisted web page, and send its URL to the recipient[1].
>
> Just using an unlisted webpage is not good enough as the URL might get
> out via referer-header, I would protect it with a password, too.
Thanks - your quote reminds me that I forgot to provide footnote [1],
where I was going to say something about making the unlisted web page
temporary, and taking care to protect content if it's confidential.
But you've done that for me ;-)
So the only caveat that it remains to add is that unfortunately, the
crippleware that we're trying to protect has a rather nasty habit of
sending URLs by creating potentially dangerous attachments (so-called
"internet shortcut"), instead of merely including the URL in the
message. Since we feel we have to block these kinds of attachments
along with all the other active content to which the client software
falls victim (the vendor provides a long list of vulnerable filename
extensions, instead of addressing the underlying weakness), we're
stuck between a rock and a hard place. Sigh.