Home page logo
/

nanog logo nanog mailing list archives

Re: Mobile code security (was Re: rr style scanning of non-customers)
From: Brandon Butterworth <brandon () rd bbc co uk>
Date: Mon, 16 Jun 2003 17:09:38 +0100 (BST)


      I think pauls point may be:
      If they use text based mailers

I know, intrinsically safe is good but that's not what managment
wants so you end up with bodges to make their choices safer. Some
people may go too far

      It's a lot harder to open up a microsoft executable on a *nix
machine than a windows machine.

We have ongoing pressure to switch to MS based systems to tie in with
corporate stuff (being a Unix island is hard) so this problem interests
me, we've thought about filtering but more extracting info where
possible rather than rejecting (so your text/plain would get turned
into plain text). We'd reject html only along with various document formats

      If your abuse desk can't take the complaint, you can't do anything
about it.  The abuse/security desks are in most cases small, understaffed
and hidden to prevent them from being overworked yet do enough that
you're not called a spam/abuse harborer.

Often filtered through a front desk that risk breaking it
or running it. 

I think holding those messages somewhere someone with a clue can look
at them if they need to and only passing plain text through
intermediate systems & people is best. We'd like to be able to see the
virus for forensics so we're not going to be allowed to get these
messages anywhere near Exchange anyway.

brandon


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault