lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: steve.wray at paradise.net.nz (Steve Wray)
Subject: Fwd: Re: Administrivia: Binary Executables w/o Source

Its invaluable to be able to get access to some of
these binaries, for development of IDS sigs and so forth,
to give just one example.

I would hate to see a blanket ban, however if it were possible
to have attachments stored on a website and the email
attachment replaced with a link to the binary on the website,
that would be a good happy middle way I reckon.

> -----Original Message-----
[snip]
> > There are a *few* cases where binary attachments are appropriate.
> >
> > How about attachments invoke automatic moderation  (i.e. 
> any messages
> > with attachment get shunted to the moderator for approval).
> >
> 
> This sounds like a decent workgap, if the moderators are 
> going to wish to
> invest the added resources.  Of course, it might be expanded 
> if they are
> willing to provide more resources <list members us all, being gluttons
> here for 'services'>, and rather then decide to approve 
> binaries, to post
> it to a website themselves, thus not *offending* anyone silly 
> enough to
> execute them, and allowing readers to decide if grabbing it 
> is of merit to
> them.  This does make an argument about enabling idiots to do 
> more stupid
> things, but, then again, they are most likely already 
> available to these
> folks already...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ