Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: text
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 24 Mar 2004 19:59:20 -0600

--On Wednesday, March 24, 2004 4:06 PM -0500 Valdis.Kletnieks () vt edu wrote:

*yawn*  So some bozo who reads full-disclosure has a virus, and it scraped
the listname and Paul's name.  Death of Internet Predicted. Film at 11.

False assumption. No one on this list has to be infected for this list to get a virus. All it takes is someone who is infected and has the email address of a list member on their hard drive - in an addressbook, in their browser cache, in a text file they saved from a website, and the virus can send email "from" them. Then all that is left is to have the address of the list as well, and the virus can send mail to the list.

However, in this case, *I* sent the "virus". I had the word "t e x t . p i f" in the body of my message (without the spaces, of course), and the poorly configured AV scanners "detected" a virus.

If you give that some brief thought, it should appall you that people actually *paid* for that software when grep could do the same thing.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault