I've got a program that will hide any data I want within a sufficiently
complex image in GIFF format, and another program that will embed data
within a gzip file. The result, in either case, is something I can make
absolutely sure is undetectible by you as an "unsecure" object.
We all know that it is then a trivial step to uuencode this, encrypt it
(so you don't know it's uuencoded) and email it to any valid recipient
name that I can reach. If mail goes out the firewall, there isn't a
damned thing we can do to stop such "unsecure" traffic. If a site is at
all busy, we'd never even notice.
I'd say that this negates your point pretty well. Can we stop talking
about e-mail now? Please?
Richard
* However, mail security and the question of how it can affect the firewalls
* effectiveness are directly interrelated. I beleive that you cannot have a
* secure firewall with unsecure mail traveling through it.
*
* In fact, a case is easily made that there is no such thing as a secure
* firewall with any kind of unsecure traffic going through.
* Name: Dorian W Smith
* E-mail: dsmith @
isc .
nva .
ge .
com (Dorian W Smith)
* Date: 27 JUN 94
Follow-Ups:
|
|
