mailing list archives
RE: [inbox] Re: Re: E-Mail viruses
From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 8 Mar 2004 15:46:24 -0600
It's not 3^36, which is multiple billions, it's only 36^3,
which is 46,656.
And only one has to get through to an idiot.
Anybody else got a mail server that blocked more than that
this weekend alone? Draw the obvious conclusion here...
And *that* was why I was dubious as to the real usefulness...
I don't care if it is only 46. The whole point was I don't care if the
whole world knows our proprietary extension. No virus writer is going to
waist time pointing her 0-day worm at us. The whole idea is to spread as
much as possible, so they will pick standard extensions only. If it is not
a 0-day, our AV server will kill it anyway. This mehtodology has stopped
100% of all virus attachments since institution. Our AV server is getting
bored, having nothing to do.
In addition I don't get up at 5am anymore to scan the lists for the newest
outbreak. The peaceful sleep alone is proof of it's usefullness.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
Full-Disclosure - We believe in it.
Re: Re: E-Mail viruses Jorge Daza (Mar 08)
Re: E-Mail viruses Incident List Account (Mar 05)