lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <007501c40307$597f5cf0$2d2ea8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Re: Re: E-Mail viruses

Paul Szabo wrote:
> Yes, it eliminates a large class of viruses. But, it would not do
> anything to "local" attacks (a virus modified specifically to handle
> your particular setup; and if it becomes widely used then "real"
> viruses will also do the same).
>
> Also it does nothing to viruses that do not use attachments: attacks
> on a "Subject:" buffer overflow, or a virus delivery via the web with
> a link or "Content-type: message/external-body".

This was meant to deal only with email virus attachments that are currently
dealt with by email AV servers.

As for the first point, technically true, but highly unlikely as long as
everyone who implements this strategy don't use the same extension.  If you
pick a relatively random sequence, a.k.a as in .dps for my company, you
would not be the target of a virus, whose purpose is to infect as many
systems as possible.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ