Open Source and information security mailing list archives
 
Message-ID: <JAEGIICLHAJHLINAEHLBGEHBCNAA.erc@pobox.com>
From: erc at pobox.com (Ed Carp)
Subject: MCAFEE E-MAIL SCAN ALERT!~FWD: INTERNET S

> 	Now, this list is called "full-disclosure".  How are we to
> intelligently discuss some subject, if we don't have a complete copy
> of the thing that it is that we are supposed to be discussing?

Full disclosure doesn't mean blasting out viruses to a mailing list.  This
is very poor practice.  A more common (and accepted) practice is to upload
the program in question to an FTP server, then post a link to the program.

This serves several purposes: (1) It lessens the exposure of the list
members, (2) it cuts down on list traffic, and (3) it provides a static
place for programs to be uploaded for reference.

> 	I had thought that we'd have people on this list that have
> sufficiently armored themselves against attack that we wouldn't have
> things like "virus detected" warnings being posted via automated
> programs.

If it's a new virus, worm, or what-have-you, how can one defend against a
new threat?  Bottom line is, you are putting people at unnecessary risk by
posting stuff like this when there are much better ways of handling the
situation.

