That's why you should entrust all your email services to Hotmail.

You've got a point there.

While not as flexible as mutt on a *nix server, at least Hotmail is basicly secure.

I'll have to dust off my sendmail sploit-of-the-week card and get them to punch it for me! 12 punches and you get a free MTA!

Well, I don't use sendmail. I use postfix. So M$ and sendmail both suck, lol.

Yes, in order to make sendmail even more convoluted, I recommend it be rewritten in perl. Or maybe javascript, that would work too.

A serious response to the story is too bleak. Ho-hum, upgrade sendmail, patch it, OK.

Comedy is inappropriate. "Is that sendmail dead? No, it's just sleeping. Oh, I could swear it was dead! No, it's just tired, see? Sendmail gottan exploit, sendmail gottan exploit!"

Irony is difficult. To be honest, I can't even be sure which ironic form I would employ in this case. Forget irony.

Sarcasm? "Sendmail, yeah, like we're still using that dinosaur!" What, we are? Dang. Why? "Cause it was there?" What kind of an excuse is that?!

Nihilism... "yes, another day, another exploit. ssh, now sendmail. I can just see the future, one long bitter trail of unpatched software, server after server to upgrade. brain the size of a planet, and here I am, patching sendmail. what's the use, I ask you...?"

Slashdotisms? All your sendmail overlords are 1-2-3 profit to us? Imagine? In Russia? No, no, no.

SCO! SCO! "It's not an exploit, it's a snippet!!!" Worth a try.

Damn you to the deepest depths of hell, Slsadhot edirots, this story has so little karma leverage it hurts.

You should have the Windows one, you'd get even more free stuff.

> Does Linux have an Auto-update mechanism similar to
> windows that indicates when new patches are available
> for download?

Yup. it's called "slashdot"

I experience daily buffer overflows receiving mail.

If you can edit a .cf file by hand, you've earned the right to run it. :) And the punishment of running it.

No, you should entrust all your email to me... I'm a nice guy really. I'm *never* responsible for remotely exploitable holes.

But they must have, because there are no bugs in any software that runs under Linux. There never have been, and there never will be.

Lies, all lies, I'm not in sendmail, I don't even run sendmail. I run qmail.

that's pretty sad if you think "a lot" and "allot" mean the same thing. go back to kindergarten.

I agree and am migrating to Exchange as I type this. Hopefully it, and Outlook will be more secure for my users.

I feel like my week isn't complete without patching Sendmail at least once. Ahhh... return to normalcy. I feel better.

that many in the Open Source Community are content to imitate Microsoft's latest offerings, but copy exploits is, in my opinion, going too far! ;-)

What?? You don't trust software compiled by flying butt monkeys?

I vote to have it written in Brainfuck (http://www.muppetlabs.com/~breadbox/bf). A simpler language makes a program easier to read, right?

I wouldn't be surprised entirely if it turned out that sendmail was the first (and only) non-trivial program that could be expressed in brainfuck [muppetlabs.com]. I fact, I believe that sendmail.cf [busan.edu] had been ported to brainfuck already.

Sendmail states this is potentially remotely exploitable

Wow, sendmail must've come a long way since I last used it...
Now tell me why not all software has this feature.

as I cannot believe that sendmail would have an exploit (remote or otherwise) given its' history.

bernstein managed to suck out the brain of many people?

> What?? You don't trust software compiled by flying butt monkeys?

Yes, I use Microsoft products all the time.

There was a Dilbert strip where Dogbert tried to sell Dilbert a "perpetual newspaper"; only a thousand dollars and you'll never need to buy another newspaper!

The headlines were like "Pope Denounces Violence" and "Real Estate Values Rise" and "Unrest in the Middle East". I think that "Buffer Overflow Found in Sendmail" would have been a worthy addition to the Tech Pages.