Yahoo mail blocked me from sending a program I wrote, what can I do?

  • Thread starter Thread starter yungman
  • Start date Start date
  • Tags Tags
    Program
Click For Summary

Discussion Overview

The discussion revolves around the challenges of sending a program via email, particularly when email services block executable files due to security concerns. Participants explore various methods for sharing files, including cloud storage, physical mailing, and file compression techniques.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested
  • Homework-related

Main Points Raised

  • One participant expresses frustration about their program being blocked by email due to potential security issues, questioning how programmers typically share executable files.
  • Another participant mentions that their work email blocks various executable file types and suggests renaming the file extension or using a password-protected zip file as potential workarounds.
  • Some participants propose using cloud storage services like OneDrive or Google Drive to share files, citing that these methods may bypass email restrictions.
  • Concerns are raised about the security risks associated with sending executable files, with one participant referencing a historical incident at IBM involving a problematic script.
  • Several participants suggest mailing the program on a USB key or SD card as an alternative method of delivery.
  • There is a discussion about the process of creating a password-protected zip file, with some participants clarifying the difference between encrypting data and protecting a zip file with a password.
  • One participant expresses confusion about how to set a password for a zip file and shares their experience of not being prompted for a password during the encryption process.
  • Another participant offers advice on how to send passwords securely when sharing a protected zip file.
  • A participant requests recommendations for zip programs that support password protection, indicating their lack of familiarity with such tools.

Areas of Agreement / Disagreement

Participants do not reach a consensus on the best method to send the program, as multiple competing views and suggestions are presented throughout the discussion.

Contextual Notes

Some participants express uncertainty about technical terms and processes, indicating varying levels of familiarity with file sharing and security practices.

Who May Find This Useful

This discussion may be useful for individuals looking to share executable files securely, those unfamiliar with file compression and encryption, and users seeking alternative methods for file transfer in a professional or personal context.

  • #31
Vanadium 50 said:
Is now the time to point out that if the program were mailed on Saturday the recipient would be getting it around now? Sometimes low tech is best.
I think that having a way to email files without the email provider snooping their contents and blocking the ones deemed to be possibly dangerous is useful.

USPS small package service is not an acceptable substitute for being able to send program files via email.

Back when I could just rename .zip or .exe file extensions, e.g. to .zip.dat or .exe.remove-this-extension and send them, I didn't mind gmail blocking files the extensions of which rendered them executable, but I think that if a recipient has to manually rename a file at the extension level (and go past the usability warning prompt for doing that) to get it to be executable or otherwise potentially dangerous, that's a sufficient safety mechanism against inadvertent or casual opening of a harmful email-attached file.
 
Last edited:
Computer science news on Phys.org
  • #32
sysprog said:
You could use http://www.nirsoft.net/utils/xorfiles.html
It XORs two files, saving the result in a third file. For the second file, you can use any file of a non-blocked type, and of a length that is equal to or greater than that of the .exe file, e.g. a .jpg file.
...
Your recipient will then have a copy of your program.exe file.
That's only going to work if the munged .jpg file still parses as a .jpg otherwise any intelligent malware filter is going to see what you are trying to do.

The only way I know of to reliably send arbitrary binary files via email is by manually converting to and from hex at each end and sending as a text file.

But nobody sends exe files by email anyway, there are many ways you can put this on t'internet for downloading via either a protected or public link: OneDrive, Dropbox, attached to a Wordpress.org blog, GitHub releases...
 
  • #33
sysprog said:
USPS small package service is not an acceptable substitute for being able to send program files via email.

I was actually thinking first class mail. The point is to get some code to the guy's grandson. And we're talking about jpeg steganography?
 
  • #34
Vanadium 50 said:
Is now the time to point out that if the program were mailed on Saturday the recipient would be getting it around now? Sometimes low tech is best.

There is a great story about TIme magazine shipping their content back and forth via courier to Hong Kong and New York for their Far East edition using a disk pack in the 1970's. A disk pack was a portable (it had a handle) magnetic storage device that weighed 10 lbs rather like a USB stick today.

f8f4a778892d5f9a83c15bfc17c0b95a.jpg


Mgmt decided to speed up the process by using a satellite connection. However, the slow speed and error correction took more time than it did to just fly the courier to Hong Kong and back weekly and so they reluctantly reinstated the courier for a few more years.
 
  • #35
pbuk said:
That's only going to work if the munged .jpg file still parses as a .jpg otherwise any intelligent malware filter is going to see what you are trying to do.
I just tried it and it worked ##-## I ran the procedure on everything.exe (a lightweight and fast directory search utility available at https://www.voidtools.com/downloads/ ##-## I use the portable version) with a pdf as the mask file and the destination file with a .dat extension. The filters look for 'signature' byte patterns to detect known possibly-dangerous file types; they don't reject 'bit soup' files.
The only way I know of to reliably send arbitrary binary files via email is by manually converting to and from hex at each end and sending as a text file.
That would work, but it's not the only way. You can use base64 encoding, for example, and the method decribed in my post #28 works fine.
But nobody sends exe files by email anyway, there are many ways you can put this on t'internet for downloading via either a protected or public link: OneDrive, Dropbox, attached to a Wordpress.org blog, GitHub releases...
I send .exe files now and then. For any non-third-party file, including .exe files, I normally would rather send an attachment than a link. I use google drive only when a file is too large for gmail or the number of recipients is more than a few.
 
Last edited:
  • #36
Vanadium 50 said:
I was actually thinking first class mail. The point is to get some code to the guy's grandson. And we're talking about jpeg steganography?
USPS small package service is a 'species' of first-class mail ##--##
from https://www.usps.com/ship/mail-shipping-services.htm:

First-Class Mail® is an affordable mail service for standard-sized, single-piece envelopes weighing up to 3.5 oz and large envelopes and small packages weighing up to 13 oz with delivery in 3 business days or less.​
(emphasis added)​

The method is not steganography; it's simply XOR masking -- if a .jpg file is used as the mask, it's sent without alteration. The .exe file is XORed against the mask file (of the same or greater length), and the resulting data file is sent along with the mask. Then at the receiving end, the data file is XORed against the mask file, and the result is the .exe file.

The method is the same as that used for a one-time pad cipher, except that it sends the mask file with the data file instead of by separate transmission, the mask doesn't have to be random, and it can be used more than once ##-## the goal here isn't imperviousness to cryptanalysis; it's getting past a filter by eliminating the characteristic patterns that the filter searches for.

For real one-time pad security, you could use two DVDs filled with identical random data, send one to your correspondent, and then send XOR-masked data files, each with an offset number for how far into the DVD was up next for use as a mask. Then a script could copy bytes from the DVD, beginning at the current offset, and running the length of the data file. The new offset for the next file to be sent, in either direction, would be the offset just used plus the length of the data file just sent. With a standard 4.6GB DVD, that would allow for 460 program or other files of 10MB length each, or a lot of smaller files.
 
Last edited:
  • Wow
Likes   Reactions: jedishrfu
  • #37
Perhaps we should be looking at google drive file sharing now. We wouldn't want to hide the data from the feds (who likely know about XOR masking already).
 
  • #38
jedishrfu said:
Perhaps we should be looking at google drive file sharing now. We wouldn't want to hide the data from the feds (who likely know about XOR masking already).
The method described in my post #28 here is not secure against government cryptanalysis, and there are difficulties in practical implemention of genuine one-time pad cryptography, not the least of which is rapid and reliable generation of 'truly random' data.
 
  • #39
sysprog said:
The method described in my post #28 here is not secure against government cryptanalysis

It's OK. He's sending something to his grandson. It doesn't need to be secure against major world governments.
 
  • #40
I got an e-mail from a foreign government official (I'm not at liberty to say which country) requesting that I temporarily lock this thread for Moderation...
 
  • Wow
Likes   Reactions: sysprog
  • #41
yungman said:
I am sure people send .exe by email, or else how can programmers work at home!

You must be joking. The usual way of sharing source code is by distributed version control systems such as git. The usual way of sharing executables is by providing them via properly secured download links or packages shipped with operating systems. Nobody shares code or executables by email.
 
  • #42
PeterDonis said:
You must be joking. The usual way of sharing source code is by distributed version control systems such as git. The usual way of sharing executables is by providing them via properly secured download links or packages shipped with operating systems. Nobody shares code or executables by email.
Well, to be fair. We used to do this all the time 5-10+ years ago in my company. But with more strict (and justified) security measures in place, we no longer can do that, so we use OneDrive or our internal servers, etc. to do it as I've already posted in this thread.
 
  • #43
As @berkeman has said in a prior post, it’s time to close off this thread. We have explored the breadth and depth of the problem and find that once we have over engineered our answers. We have given the OP multiple avenues to try out while his grandson is anxiously awaiting its arrival by email or snail mail.

As @PeterDonis has intimated professionals use professional methods while the rest of us use whatever works. Oh how times have changed in the software world from simple file backups to SCCS, RCS, CVS, SVN, and now GIT. For my own projects, I tend to use Google Drive for large zip files and email for scripts. I’ve not had a need to develop exe files in a long time But would likely use the drive approach to bypass the email block. The drive approach allows me to change the file while keeping the email reference intact.

Thank you all for contributing here and without further ado will close this thread forever.
 
  • Like
Likes   Reactions: berkeman

Similar threads

Replies
12
Views
4K
  • · Replies 15 ·
Replies
15
Views
2K
Replies
6
Views
2K
Replies
1
Views
2K
  • · Replies 10 ·
Replies
10
Views
3K
  • · Replies 5 ·
Replies
5
Views
2K
  • · Replies 17 ·
Replies
17
Views
3K
Replies
40
Views
4K
  • · Replies 1 ·
Replies
1
Views
1K
  • · Replies 49 ·
2
Replies
49
Views
4K