On 11/5/2021 10:50 AM, John Hardin wrote:
And what of the BIDI sequence that actually causes the problem?
1) The authors cite, as Reference 18, a 2011 Krebs article:
'Right-to-Left Override' Aids Email Attacks
https://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/
Th
On Fri, 5 Nov 2021, Benny Pedersen wrote:
On 2021-11-04 09:34, Damian wrote:
>> Please convert all source code to ASCII. If it fails to compile, then
it may have a trojan hiding in Unicode clothing.
>Instructions unclear.
CVE 2021-42574
It remains unclear (to me). What source code should s
In v4.x, Unicode support will be better. That also means it may be easier
to make this sort of attack quieter in the future, as non-ASCII rules
won't be definitively wrong as they are now.
The question is whether non-ASCII malicious rules could do anything more
damaging than simply failing to
On 2021-11-04 09:34, Damian wrote:
>> Please convert all source code to ASCII. If it fails to compile, then it may
have a trojan hiding in Unicode clothing.
>Instructions unclear.
CVE 2021-42574
It remains unclear (to me). What source code should spamassassin-users
convert? Attached source c
On 11/4/2021 10:44 AM, Bill Cole wrote:
On 2021-11-04 at 08:45:02 UTC-0400 (Thu, 4 Nov 2021 08:45:02 -0400)
Jared Hall
is rumored to have said:
[...]
2) Beware of using somebody else's source code :)
That's the really significant warning...
Agreed. Does one need to write a paper and publi
On 2021-11-04 at 08:45:02 UTC-0400 (Thu, 4 Nov 2021 08:45:02 -0400)
Jared Hall
is rumored to have said:
[...]
2) Beware of using somebody else's source code :)
That's the really significant warning...
The relevance to SA is that it uses a config system with "rules" that
can be auto-updated
Original Message
On Nov 4, 2021, 09:34, Damian < spamassas...@arcsin.de> wrote:
> >> Please convert all source code to ASCII. If it fails to compile,
> then it may have a trojan hiding in Unicode clothing.
>
> >Instructions unclear.
>
> CVE 2021-42574
> It remains unclear (to me)
>> Please convert all source code to ASCII. If it fails to compile,
then it may have a trojan hiding in Unicode clothing.
>Instructions unclear.
CVE 2021-42574
It remains unclear (to me). What source code should spamassassin-users
convert? Attached source code in emails? How should they conv
Original Message
On Nov 4, 2021, 07:45, Damian < spamassas...@arcsin.de> wrote:
>> Please convert all source code to ASCII. If it fails to compile, then it may
>> have a trojan hiding in Unicode clothing.
>Instructions unclear.
CVE 2021-42574
Please convert all source code to ASCII. If it fails to compile, then it may
have a trojan hiding in Unicode clothing.
Instructions unclear.
Please convert all source code to ASCII. If it fails to compile, then it may
have a trojan hiding in Unicode clothing.