lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com) Subject: Re: [FD] FD should block attachments Paul, It seems we are trading valid concerns... One potential solution might be a common web-based repository (hosted by some kind soul who has the willingess and wherewhithal to do it...any reputable volunteers?) that could be used by all members to drop files, then point to them within the messages to the group via URL. Of course that has the potential to be misused in a variety of ways and would have to be administered, and really, someone is still footing the bill. I don't know that I would really liken the people sending files along to this group to spammers...but the analogy is useful in terms of making your point. Bart Lansing Manager, Desktop Services Kohl's IT Paul Schmehl <pauls@...allas.edu> Sent by: full-disclosure-admin@...ts.netsys.com 04/05/2004 11:05 AM To full-disclosure@...ts.netsys.com cc Subject RE: [Full-Disclosure] Re: [FD] FD should block attachments --On Monday, April 05, 2004 09:04:36 AM -0500 Bart.Lansing@...ls.com wrote: > > Paul, > > Just a thought here...as you're right, having some modicum of > consideration for those who have cost issues with bandwidth (I'll content > that we are not spoiled, and that we...ok...most of us...pay for the > bandwidth we use...TANSTAFL). However, you are assuming that anyone who > wishes to potentially send a file along here can just as easily host > one. Not, I think, a valid assumption...and one which, for many...would > cost money. So, who gets to pay? Either someone is paying to download, > if they are on a pay-as-you go model, or someone is going to pay to > host...either way, it's not quite as simple as you've made it out to be. > You make an interesting point, and it has some validity. What immediately came to my mind when I read that was the spammers. They expect to shift the cost of what they do to the recipients. Is that what should be the standard for security researchers as well? Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040405/2dab2267/attachment.html
Powered by blists - more mailing lists