lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000801c365d7$bbb32640$2b02a8c0@dcopley>
From: dcopley at eeye.com (Drew Copley)
Subject: Administrivia: Binary Executables w/o Source

If anybody is stupid enough to run a binary file from here they deserve
any negative consequences which may result from that. 

Okay, I know other people are thinking that because it is just so true.

This said, someone sent a copy of this lastest fixer msblast variant. I
appreciated that. But, proper netiquette says to not send binaries nor
pictures to internet lists (newsgroups or mailing lists). It is best to
send by url, such urls are very valuable.

(Personally, I have never cared about binaries nor pictures being sent
as long as their size were small... It is just html email which I hate.)

Just some food for thought from a contrary viewpoint.


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> S . f . Stover
> Sent: Monday, August 18, 2003 9:06 AM
> To: Len Rose
> Cc: Raj Mathur; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Administrivia: Binary 
> Executables w/o Source
> 
> 
> On 18 Aug 03 03:40:34PM Len Rose[len@...sys.com] wrote:
> : My message was not about the size ofd
> : the file but rather about the sheer useless re-transmission
> : of a binary (any executable) that no one in their right mind
> : would actually run which is why I suggested that source code
> : should be included next time.
> 
> Would that really matter though?  I mean, how would I know 
> that the binary included came from the attached source?
> 
> Plus, I do have quarantined machines I blow away and rebuild 
> regularly that I don't mind putting unknown binaries on from 
> time to time.  Any my mileage definitely does vary  ;-)
> 
> Just my 0.02.  I figure there's no list like FD for unknown 
> binaries...
> 
> -- 
> attica@...ckheap.org
> GPG Key ID: 0xF8F859D0 
> http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index


"There is no such thing as right and wrong, there's just popular
opinion." -Jeffrey Goines


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ