Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [inbox] Re: Re: E-Mail viruses
From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 8 Mar 2004 15:46:24 -0600

Valdis.Kletnieks wrote:
It's not 3^36, which is multiple billions, it's only 36^3,
which is 46,656.

And only one has to get through to an idiot.

Anybody else got a mail server that blocked more than that
many Netsky's
this weekend alone?  Draw the obvious conclusion here...

And *that* was why I was dubious as to the real usefulness...

I don't care if it is only 46.  The whole point was I don't care if the
whole world knows our proprietary extension.  No virus writer is going to
waist time pointing her 0-day worm at us.  The whole idea is to spread as
much as possible, so they will pick standard extensions only.  If it is not
a 0-day, our AV server will kill it anyway. This mehtodology has stopped
100% of all virus attachments since institution.  Our AV server is getting
bored, having nothing to do.

In addition I don't get up at 5am anymore to scan the lists for the newest
outbreak. The peaceful sleep alone is proof of it's usefullness.

Information Security Engineer
DP Solutions


If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]