Re: Gopher attack? (not a sighting just a question)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Julian Assange: "Re: Sendmail fixkit"
• Previous message: Bret McDanel: "Re: Sendmail fixkit"
• In reply to: Dr. Frederick B. Cohen: "Gopher attack? (not a sighting just a question)"
• Next in thread: Albert Lunde: "Re: Gopher attack? (not a sighting just a question)"

Dr. Frederick B. Cohen mumbled something vague about:
> 
> I was thinking about the sendmail attack working from the inside as
> opposed to the outside and it occured to me that gopher sends email
> (upon request) to transmit a file to the person using the gopher server.
> Could this be used (by sending the mail to another user on the gopher
> server) to launch the sendmail attack as an insider?  Probably not,
> but I just thought I'd ask.

I believe that the client does the mailing, not the server.
If that's the case, then I don't think you'd get a significantly greater
risk.  Especially since the attack would only work if the identd on the
user's machine is hostile.  Or am I missing some subtle interaction between
the client and the mail system?

Mike

• Next message: Julian Assange: "Re: Sendmail fixkit"
• Previous message: Bret McDanel: "Re: Sendmail fixkit"
• In reply to: Dr. Frederick B. Cohen: "Gopher attack? (not a sighting just a question)"
• Next in thread: Albert Lunde: "Re: Gopher attack? (not a sighting just a question)"