[unisog] Phishing targeting University Admissions

Eric Pancer epancer at security.depaul.edu
Wed Jun 16 12:08:13 GMT 2004


Sergent, Phil wrote on Mon, 2004-06-14 at 11:21:27 -0400...

> You still accept .zip files!?

We do, as well. It seems to me that not accepting files with
extensions is merely a horrible work around. What happens when a new
virus comes out that names the attachment as foo.fi_ and tells the
user to save the attachment as foo.zip, then open it? 

IMHO fixing the real problem -- vulnerable email clients that
execute code -- should be more of a concern. Of course, this does
nothing to solve the problem of users saving attachments and
executing them; but I have a few solutions to that as well that
include using more secure operating systems.

-- 
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3




More information about the unisog mailing list