Full Disclosure mailing list archives
Re: Religion. Was HEADS UP...
From: Jason <security () brvenik com>
Date: Sun, 25 May 2003 01:26:46 -0400
This is a religious debate that will never die!
morning_wood wrote:
then my apologies to the list, the main body of the text is mostly a rip of the exe anyway,..
Security is an evolution, I would not apologize because someone got upset about an email with a virus. If anything at all I would apologize for not considering your actions more carefully. I imagine you just helped evolution a little bit more somewhere. ;-)
[snip]
Another option is for the list-serve software to remove all attached executable files from incoming messages it receives before the messages are blasted out to the world. This is a good policy for any email list, but particularly important for a computer security list.
I disagree completely with this but it is a religious debate isn't it. A security list needs the freedom to pass any and all relevant information without hindrance otherwise you get bugtraq. The decision about relevance is relative in itself and for me to decide.
Stripping attachments offers less security by providing a false sense of security IMHO.
FWIW, Outlook 2002 automatically discarded the Update880.exe file on my system, so I couldn't even look at it if I wanted to. A password protected .ZIP file is the generally accepted standard for sending out malware samples. However, I don't think malware is appropriate for this list.
While a password protected zip archive or a double zipped archive or a link to the content over http and ftp is generally more acceptable, malware should be expected in everything you do these days. There is no other answer!
The double zipped archive could just as easily be a DoS against your mail server or the archive itself could exploit a vulnerability in the most common decompressors...
To stray further off topic a moment and further add to the noise. I happen to like reversing virii and have grown to love them for the art and beauty they can convey. It is a sad state that today we are mostly presented with mass mailing trojans and worms.
I would love to get my hands on a Linux virus that was polymorphic and underhanded for the sole purpose of survival. I've yet to have one come by in the wild that was truly effective.
Give it ptrace, ioperm, and race condition detection and you have the makings of a good old fashioned linux virus that overcomes the root barrier. Human error alone ensures its survival.
That is a discussion for focus-virus which is moderated and generally useless.
[snip rest]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
