lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nobody at (starwars)
Subject: Re: E-Mail viruses

Curt Purdy wrote:
> Valdis.Kletnieks wrote:
> > So let's see.. the same bozos who read the text part of the
> > virus, get the password, and
> > use that to unzip the rest of the virus won't read the text
> > part, get the rename to do,
> > and.....
> >
> > Color me dubious....
> Methinks you misunderstand.  Only the proprietary extension, i.e. .inc or
> .xyz or .whatever, would be allowed through, and since virus writers would
> never use this extension, it would eliminate ALL viruses at the gateway.
> The nice thing about this approach is that it completely eliminates the need
> for any anti-virus on the mail server since all virus attachments are
> automatically dropped without the need for scanning.  Quite a simple, yet
> elegant solution, if I do say so myself.

Elegant, indeed. Have an MCSE on that.
I wonder why virus writers didn't think of that yet.


Dear Microsoft Windows User,

[insert usual "install this patch immediately" here]

For security reasons, the upgrade installer has been renamed to update.eex 
and cannot be executed directly. [insert "this tremendously elegant 
solution keeps you safe from viruses, because..." here].

To install this critical service pack, save the attachement to disk, rename 
it to update.exe and double-click it.

Thanks for your attention, etc. pp.

[attach your favourite update.eex]


Thank your for this inspiration.

Powered by blists - more mailing lists