lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 28 Jan 2004 19:24:52 +0100
From: Patrick Proniewski <patpro@...pro.net>
To: Thomas Zehetbauer <thomasz@...tmaster.org>
Cc: Liste BugTrack <bugtraq@...urityfocus.com>
Subject: Re: RFC: virus handling


On 28 janv. 2004, at 16:45, Thomas Zehetbauer wrote:

> Looking at the current outbreak of the Mydoom.A worm I would like to
> share and discuss some thoughts:


You bring some definitely interesting points here.

I agree with your 1) and 2), but 3) rises some technical concern

> 3.1.2.) e-mail Alias and Web-Interface
> Additionally providers should provide e-mail aliases for the IP
> addresses of their customers (eg. customer at 127.0.0.1 can be reached
> via 127.0.0.1@...vider.com) or a web interface with similiar
> functionality. The latter should be provided when dynamically assigned
> IP addresses are used for which an additional timestamp is required.


could be a really good idea, if not so easy to use for spammers or even 
for virii. The moment you setup such a service, spammers/virus coder 
will write a script that can reach every single user with an active 
connexion. It's a really major drawback I think.


patpro
-- 
je cherche un poste d'admin-sys Mac/UNIX
(ou une jeune et jolie femme riche)
http://patpro.net/cv.php

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ