| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: MCAFEE E-MAIL SCAN ALERT!~FWD: INTERNET S Brad, I think you miss the bottom key point Nick made. It concerned the use of common sense, you sidestepped it. And that can be damaging in a technical environment. One might fully reasonably assume most folks are protected in some fashoin from mass infection when something might get released to such a list as this, and that assumption will be incorrect. No matter what the target audience of the list, no matter how 'technically inclined" the readership is assumed. Look at how many folks that should know better spam the list not only with anti-virus trash, or spam avoidance crap, but also; vacation messages, anti minor-profanity BS, and what not. There was not real need at the time to include the virus/trojan into the message you posted, at least not in an openly virant manner, sheesh, even a gzip or uuendcoe or something would have shown a tad more forethought. But, really, the headers with the info you provided in the form of a question should have sufficed, until and or unless someone asked for more specifics. Perhaps a point you can agree with? Thanks, Ron DuFresne On Wed, 9 Apr 2003, Brad Knowles wrote: > At 2:06 PM +1300 2003/04/09, Nick FitzGerald wrote: > > > What he, and several others of us, said makes you stupid is that you > > _forwarded the whole message when you suspected the attachment was a > > virus or something similar_. > > For the moment, let's assume that this was a result from a new > virus, Trojan Horse, or hoax that had not previously been encountered. > > Now, this list is called "full-disclosure". How are we to > intelligently discuss some subject, if we don't have a complete copy > of the thing that it is that we are supposed to be discussing? > > > Your inability to accept that that was extremely stupid is seen as > > quite reasonably reinforcing that belief. > > I had thought that this was the list where all the real security > experts went, after BugTraq started taking a more intrusive editorial > stance. > > I had thought that we'd have people on this list that have > sufficiently armored themselves against attack that we wouldn't have > things like "virus detected" warnings being posted via automated > programs. > > I had thought that we could have a reasonable discussion, and > that if there was something I had missed, people would provide me > with a pointer to the appropriate information source, without the > infantile need to resort to name-calling. > > > A number of people were, indeed, kind enough to provide links to > the virus description web pages (ones that I had searched for but > obviously missed), and I greatly appreciate the speed of their > response. > > Are you, and others, now going to make me regret that this is the > place where I thought that a free and open discussion was actually > possible? > > -- > Brad Knowles, <brad.knowles@...net.be> > > "They that can give up essential liberty to obtain a little temporary > safety deserve neither liberty nor safety." > -Benjamin Franklin, Historical Review of Pennsylvania. > > GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ > !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) > tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists