| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Apparently the practice was prevalent hggdh <hggdh@...cast.net> to Paul: <<snip>> > As Valdis said earlier, user:password@...e is a DE FACTO standard. It > goes against the RFC? Well, get over it. Such is life. It has not been > the first time, and it will not be the last one. What defines a > de facto standard is prevalence of use. Nobody can argue that the IE > browser is not prevalent... Sending complete copies of virus-carrying Email messages to sender addresses the virus scanning Email gateways know are forged is a DE FACTO standard. As "hggdh" says, what defines a de facto standard is prevalence of use and we all know that virtually all Email gateway virus scanners do this. Nobody can argue that "bouncing" such viral Email messages to known non-senders is not prevalent... If the AV developers "broke" this behaviour the virus writers who had been depending on it as a distribution mechanism would, presumably, be all upset and have to "quickly redesign" their systems to trick the "fixed" virus scanners to keep redistributing their viruses for them. Oddly this "but it's a de facto standard" argument simply does not stack up when applied elsewhere... (Yes, I know "hggdh" went on to explain he disagrees, but his was the most succinct expression of the idiocy others -- such as Esser and the folk quoted in Lemos' article -- apparently adhere to, and thus best to lampoon thus.) Regards, Nick FitzGerald
Powered by blists - more mailing lists