[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <JAEGIICLHAJHLINAEHLBGEHBCNAA.erc@pobox.com>
From: erc at pobox.com (Ed Carp)
Subject: MCAFEE E-MAIL SCAN ALERT!~FWD: INTERNET S
> Now, this list is called "full-disclosure". How are we to
> intelligently discuss some subject, if we don't have a complete copy
> of the thing that it is that we are supposed to be discussing?
Full disclosure doesn't mean blasting out viruses to a mailing list. This
is very poor practice. A more common (and accepted) practice is to upload
the program in question to an FTP server, then post a link to the program.
This serves several purposes: (1) It lessens the exposure of the list
members, (2) it cuts down on list traffic, and (3) it provides a static
place for programs to be uploaded for reference.
> I had thought that we'd have people on this list that have
> sufficiently armored themselves against attack that we wouldn't have
> things like "virus detected" warnings being posted via automated
> programs.
If it's a new virus, worm, or what-have-you, how can one defend against a
new threat? Bottom line is, you are putting people at unnecessary risk by
posting stuff like this when there are much better ways of handling the
situation.
Powered by blists - more mailing lists