| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <007501c40307$597f5cf0$2d2ea8c0@LUFKIN.DPSOL.COM> From: purdy at tecman.com (Curt Purdy) Subject: [inbox] Re: Re: E-Mail viruses Paul Szabo wrote: > Yes, it eliminates a large class of viruses. But, it would not do > anything to "local" attacks (a virus modified specifically to handle > your particular setup; and if it becomes widely used then "real" > viruses will also do the same). > > Also it does nothing to viruses that do not use attachments: attacks > on a "Subject:" buffer overflow, or a virus delivery via the web with > a link or "Content-type: message/external-body". This was meant to deal only with email virus attachments that are currently dealt with by email AV servers. As for the first point, technically true, but highly unlikely as long as everyone who implements this strategy don't use the same extension. If you pick a relatively random sequence, a.k.a as in .dps for my company, you would not be the target of a virus, whose purpose is to infect as many systems as possible. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke
Powered by blists - more mailing lists