On Wed, 20 Aug 2003, Karsten W. Rohrbach wrote: just me(matt@snark.net)@2003.08.20 14:17:17 +0000:
http://www.cert.org/advisories/CA-1997-14.html http://www.cert.org/advisories/CA-1998-10.html
Wow, the second one even mentions Mutt by name.
The more recent of those two advisories is dated August 11, 1998. What are you trying to express, by citation of those pretty outdated CERT advisories? If you are trying to imply that software does not improve in a time frame of five years, go ahead and convince me. =) It's happened before, it'll happen again. Please don't pretend that your MUA-de-jour is somehow invulnerable by design, unless you've audited every line of code yourself. On a different angle, the apparent problem of a software product being vulnerable to an exploit is not solved by deploying a - albeit well-patched - application monoculture worldwide. Risk is lowered by using more well-designed software packages out there. Diversity is the name of the game, it's nature's solution and it seems to work quite well. I completely agree. Which is why I discourage people from using Outlook Express as well as Mutt. matto --mghali@snark.net------------------------------------------<darwin>< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include <disclaim.h>