From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source

"Jason Coombs" <jasonc@...ence.org>, whose input is usually 
intelligent, considered and well-reasoned, chose to fall from his 
pedestal thus:

> Curt Purdy opined:
> > FWIW I disagree with any moderation at all.
> > The point is, this is a FREE forum, one of the few left in the world.
> 
> I agree completely. The sobig spam is valuable -- it shows us who we
> should not trust to operate a computer.

_If_ you know what to take from the headers _AND_ have omniscient 
access to the mythical IP-to-user mapping address list...

You -- like several incredibly clueless posters today -- are entirely 
incorrect in this case.

Look up any vaguely competent description of the workings of this 
virus.  Then explain how you would divine the real victim, as opposed 
to the addresses spoofed by the virus, from Sobig's mail.

Better yet, save yourself the time trying, as the answer is you cannot.

> It also reveals the identity of people who have us in their address
> books without our consent.

D'oh! number two.

Sobig gathers Email addresses from _many_ file types it finds on its 
victims' machines including the file types of the Email message 
"folder" files used by mailers, HTML files, .HLP files and .TXT files.

Your comment again shows an uncharacteristically ignorant view of the 
actual situation.

> By blocking 2,000+ copies launched at the list we've been saved some
> bandwidth ...

"some" = approx 200MB (each virus message is approx 100KB).

> ... but we've been deprived of the opportunity to point and laugh
> at the people who subscribe to full-disclosure who got hit by the silly
> thing.

Or, if you understood how the virus really works, you were saved the 
embarrassment of being shown to be a fool by your pointing and laughing 
at the wrong people.

So how ironic that you were then silly enough to post this drivel so 
those of us who do know how Sobig works get to laugh at you and others 
like the clown of Clowater...

> Just as some people in business refuse to do business with any person or
> company who sends spam, some of us also refuse to do business with
> anyone incompetent enough to get hit by a virus or worm.

Indeed, but the truly clueful refuse to do business with those who 
clearly don't know anything important about something they should.

What's that saying -- better you be thought a fool than open your mouth 
and remove all doubt?

> Perhaps Len could send a single digest message to the list revealing the
> identity of each subscriber who tried to spam us with a sobig attachment
> -- it's the least he could do after intentionally covering up for these
> people.

And, if your address were on that list?

_That_ wouldn't make me laugh at all because I understand that your 
address would be there because you were _NOT_ infected (well, almost 
certainly not...).  And, I know for a fact that I am not and have not 
been infected (well, I deliberately infected machines in my test 
network but that's not connected to the Internet and has not "released" 
anything) _BUT_ I'd not be at all surprised to see my address on that 
list as I've received several dozen bounces for apparently sending the 
virus.

As it seems to be the day for it -- go stand at the back of Clowater's 
cluestick queue.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

