| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: gossi at lab6.com (Gossi The Dog) Subject: MCAFEE E-MAIL SCAN ALERT!~FWD: INTERNET S On Fri, 2003-04-11 at 07:07, Valdis.Kletnieks@...edu wrote: > On Wed, 09 Apr 2003 22:12:45 EDT, Jason <security@...enik.com> said: > > > Look at how your "protections" expose you when dealing with lists too. > > Then look at those annoying out of office notifications. Nothing like > > telling a lot of people the perfect contact points in an org doing some > > type of security, ohh and by the way, they are out of the office! > > And better yet, the mail packages that are the biggest offenders are also both > quite well known as the subject of security advisories, and also quite helpful > in providing their exact release/build info, so you can carefully craft a > message for maximum impact. > > Might as well just attach a .BMP of concentric red-and-white circles to the note ;) Well - indeed. I seem to recall if you send duff (like 500 bytes) SMTP commands to NAI Webshield, it causes it to crash. I never really bothered following it up. Plus, NAI Webshield doesn't log the IP in email headers of connecting servers. So you can do HELO nasa.gov, and it passes it on as nasa.gov in the headers. Could be quite handy, that.
Powered by blists - more mailing lists