Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: viruses being sent to this list
From: Troy <thmaillists () yahoo com>
Date: Mon, 22 Mar 2004 22:51:30 -0800

On Tue, 23 Mar 2004 04:46:02 +0200, Gadi Evron <ge () egotistical reprehensible net> wrote:

In that case, I wonder why spam doesn't get to the list?

Most spammers aren't going to go through the hassle of subscribing to
the list to send messages when they can send email directly to people
with little effort.

Is some filtering in place?

No. The fact that you must be subscribed to post without a moderator
approving your messages prevents the spam. Spammers are, for the most
part, lazy and cheap. Bypassing the moderation requirement involves work.

Spam is sent from spoofed addresses as well, and moderating unsubscribed
addresses can't account for everything?

Spam is not sent randomly from machines infected by a worm. At least,
not yet. Yes, a spammer can pull messages from this list and use them to
spoof return addresses to get spam through, but the audience isn't large
enough to warrant the work. This list, in particular, is even a less
desirable target for spammers because the risk of being successfully
traced is much higher.

As I mentioned in my original post (and I add to now), I do not
criticize the list not being moderated, full disclosure, free speech,
flame wars, kiddie battles, hate-Microsoft emails, or anything else.

I criticize viruses which under false pretense try to get me infected
are getting to me through this forum. Getting to thousands through this
forum. This is not under Acceptable Content in the current list charter.

It's not acceptable, but there's nothing that can be realistically done to
prevent it. To ask the moderators to do something about it is asking far
too much.

Keep in mind that this is a free list. As Stu pointed out, an automated
anti-virus filter will cost too much. Not only that, but the very nature
of this list will keep an automated system from working properly. How
does an automated system know the difference between an actual virus and
some sample code that is sent to the list? It doesn't, which means
sample code will be filtered out, which will make this list just another
security forum.

Another option would be to make the list moderated, which means the
moderators will have to spend several hours a day approving messages.
This might be a viable option, except for the fact that they are
volunteers and are not getting paid to moderate this list.

Not only that, but in this litigious society, you have to be very
careful about what you do. Once you start filtering messages, you have
to be prepared to defend yourself when something bad happens to slip
through your defenses. If you didn't do everything you could to prevent
a virus from getting through, you're opening yourself up for a lawsuit.

Besides, where would they draw the line? The very nature of this list
centers around security holes and exploits. Often, the difference
between actual malware and a proof of concept executable is very minute,
and you can't expect the moderators to have to make judgement calls like
that.

The only remotely viable option would be to block all attachments, but
that will, once again, take away what makes this list unique.

-- 
Troy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault