On Tue, 6 Aug 2002, David Kramer wrote:

> No, M$FT is at fault because they designed the protocol to not have the
> identifier of the sender in it. In the letter, the M$FT dude talks about
> how it's the responsibility of the application to decide whether it will
> ignore or process messages, but the M$FT messaging protocol has no From:
> field, so there's no way for the application to know if the request is
> legit or not. His defense is totally bogus.
>

Yes, but there are other calls in the Win32 API that prevent this attack from happening, from the looks of the MSDN docs I glanced over this morning after reading about some hooks on BUGTRAQ, it completely solves the problem that this attack brings up. So it's the 3rd party developers that are at fault here, not MSFT.

~Ben

--
 /"\  Ben Jackson
 \ /  bejackso at lynx.dac.neu.edu - http://piro.dnsq.org/~bbj
  X   Member of the ASCII Ribbon Campaign Against HTML Mail
 / \