lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40462DDA.7090308@mpex.net>
From: gpel at mpex.net (Gregor Lawatscheck)
Subject: Backdoor not recognized by Kaspersky

Cael Abal wrote:

> Historically, passworded .zip files have been the only remotely
> acceptable way to e-mail executables.  I'm hesitant to give that up.

ACK. Some AV vendors even request samples of exectuables in passworded 
zips.

> I'd still rather allow all passworded .zips and rely on the client's AV
> to nab it.

People using pgp / gpg to exchange executables between them would 
possibly be the way to go. Then again people who have heard about p/gpg 
aren't the ones who click on executables randomly anyway. There's still 
an education issue with new Internet users of which there seem to 
thousands a day who fall for these worms. After all there are driver 
licenses for normal highways but none for the "information super highway".


Powered by blists - more mailing lists