RE: Possible Intrusion Attempt?

From: Whiteside, Larry [contractor] (BAE14at_private)
Date: Fri May 23 2003 - 11:46:25 PDT

Next message: Jerry Shenk: "RE: [ANNOUNCE] protocol watcher"

Previous message: Justin Pryzby: "Re: DDoS Attack"
Maybe in reply to: Matt LaFelero: "Possible Intrusion Attempt?"
Next in thread: FWAdmin: "RE: Possible Intrusion Attempt?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What mail server do you use? Exchange/Outlook will allow you to convert all html email to plaintext before the user receives it. It can be done at the client or the server. People will still be able to receive email from everyone, it's just that html email will be converted to plaintext before the user receives it. It doesn't adversely affect anyone.

L
***************************
Larry Whiteside Jr.
Sr. Security Engineer

-----Original Message-----
From: Rob Shein [mailto:shotenat_private]
Sent: Friday, May 23, 2003 2:34 PM
To: Whiteside, Larry [contractor]; 'Matt LaFelero'
Cc: incidentsat_private
Subject: RE: Possible Intrusion Attempt?


I'm a little fuzzy about this part...how do you prevent people from
accepting HTML mail, and considering how many mail clients out there send it
by default, what do you do when all of a sudden a large percentage of people
can't email you anymore?

-----Original Message-----
From: Whiteside, Larry [contractor] [mailto:BAE14at_private] 
Sent: Thursday, May 22, 2003 3:31 PM
To: Matt LaFelero
Cc: incidentsat_private
Subject: RE: Possible Intrusion Attempt?


<snip>

my 2 cents:

You should first stop allowing HTML email. That is one of the easiest ways
for arbitrary code to be executed on your host. Then you should revamp your
security program to teach your users not to open things from unknown
sources. As long as you allow HTML email, you can be subject to this type of
attack. 

<snip>



----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------

Next message: Jerry Shenk: "RE: [ANNOUNCE] protocol watcher"
Previous message: Justin Pryzby: "Re: DDoS Attack"
Maybe in reply to: Matt LaFelero: "Possible Intrusion Attempt?"
Next in thread: FWAdmin: "RE: Possible Intrusion Attempt?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 25 2003 - 21:56:11 PDT