lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <003601c3ea46$779241f0$6565a8c0@IBMPIII>
Date: Tue, 3 Feb 2004 06:11:25 -0500
From: "James C. Slora Jr." <Jim.Slora@...a.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: RFC: virus handling


Craig Morrison wrote Wednesday, January 28, 2004 4:26 PM

> Shut off notifications.

Yup.

Standardizing notifications according to some new RFC would accomplish:
1. Providing another standard message format for socially engineering virus
deliveries.
2. Adding yet another format for notifications - no such RFC would be
universally adopted.
3. Feeding us geeks more useless esoterica to discuss indignantly on the
lists - should noncompliant notifications be a new classification for
rfc-ignorant blacklisting?
4. Continuing bombardment by enough mistaken and virus-faked notifications
to make all notifications worse than useless.
5. Continuing possibilities for using MTA event-handling automation as a
virus distribution vehicle. Possibilities would be more limited, but they
would not be eliminated.
6. It would make it easier to filter the notifications, as the original
poster intended. But I would rather not get them at all when most of them
are mistaken automated notifications.

Dealing with misaddressed mail and incoming infections is boring and costly.
But automated NDRs and virus notifications just spread a larger cost out
across a mail system. They eat the time of the system, the users, their
correspondents, and possibly someone else's admin. They are a selfish way to
push the costs onto others, and probably cost an organization more than they
save in the mail admin's time.

My opinion is you should drop what bad mail you can, and deal with the rest.
Notifications are only useful when they are actionable - they have to be
well-analyzed, and they have to be sent only to people who understand them
and who have the motivation and ability to deal with them. That is a tall
order, which means there should only be a few manually reviewed
notifications.




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ