lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ELEOLHOJFMBPBFCJHOCIOEJODLAA.aditya.deshmukh@online.gateway.technolabs.net>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh])
Subject: [inbox] Re: Re: E-Mail viruses

> I think the kind of approach Kurt has suggested can only realistically 
> work in corporate and institutional environments (and with the 
> occasional well-disciplned individual), where it would also be 
> realtively easy to further restrict the odds of sustaining damage via 
> this entry route by only allowing designated users to receive such 
> content.  Further restrictions, such as "it must have the '.ABC' 
> extension and internally be a RAR archive" could easily be added for 

this would not greatly add to security but it would be addeded layer. all the archives have a magic header that will allow them to be scanned and identified, this is how it works on unix. maybe some thing of that sort is required....

even then how would it solve the prob of encrypted attachments. most archirve formats have an options where the file names are visible but some like rar have a option to encrypt file name also ie you cannot see the names of the files in the archive untill you have the password..

-aditya


________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ