Message-ID: <3E94D31D.9060702@brvenik.com>
From: security at brvenik.com (Jason)
Subject: MCAFEE E-MAIL SCAN ALERT!~FWD: INTERNET S

[snip]
> 
> 
> I can't take it anymore.  I'm sorry, I know I'm just contributing to the
> "noise" now in this flame war, but I have to say it.
> 
> If you don't want to receive _nasty_ things, unsubscribe!  A security
> list (and one titled "Full Disclosure" at that) is going to receive virii
> - duh!  It's also going to contain other vulnerabilities.  When someone
> includes an "example" of a buffer overflow in opera via a html link - do
> you also complain?  Come on people.  Some people even _like_ looking at
> virii.
> 
[snip]

Why not, a little more noise won't hurt. Let me hop on the wagon too, 
only I hope it is higher quality noise.

I agree with your thoughts, if you are wary of dangerous content being 
sent to you, get off the security lists or use the digests and archives.

Look at how your "protections" expose you when dealing with lists too. 
Then look at those annoying out of office notifications. Nothing like 
telling a lot of people the perfect contact points in an org doing some 
type of security, ohh and by the way, they are out of the office!

I also understand that many are new and trying to learn safe computing 
practices in a hostile environment. If everyone were clued in we 
wouldn't need all this.

Getting back to the point. There are more reasonable ways to provide 
access to the same information for the greater good while not putting 
the clueless at risk. There are also better ways of communicating these 
ways. Off the top of my head in no specific order.

1) Compress it, encrypt it and password protect it. Make the password 
easy and include it in the mail. This protects the truly stupid among us.

2) Place it on a server where it can be downloaded by the 
curious/capable. This also provides for redistribution protections by 
disclaiming...

3) Provide a link to the source of the dangerous content, if it is 
known. This is even better from a liability perspective.

Each would be more appropriate at different times given different 
circumstances.


