Message-ID: <404DE0F9.19134.1D29F3AB@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: E-Mail viruses

Valdis.Kletnieks@...edu wrote:

> It's not 3^36, which is multiple billions, it's only 36^3, which is 46,656.

Yes -- that was a transliteration error on my part...

> And only one has to get through to an idiot.

Which is why I suggested that it should not be used across the board, but further limited to specific, "trustworthy" users who really "must" be able to send/receive such stuff (of course, in real life there are immensely fewer of these than there are idiots who believe they are in that category and unfortunately, scarily many of these idiots have equally stupid (or even stupider) managers who will insist the idiots really are "power users"...).

> Anybody else got a mail server that blocked more than that many Netsky's
> this weekend alone? Draw the obvious conclusion here...
>
> And *that* was why I was dubious as to the real usefulness...

Yes, and that complaint is negated by careful implementation of this by those who understand it is just another layer that could be useful in some circumstances.

It would be unwieldy in a very large organization (perhaps like Boeing, DoD, etc) or one (of any size) like a university where there are strong demands for autonomy and user "freedom" or too many idiot managers. Like all security measures, it is as good as its weakest link, and although there are several opportunities for these in a scheme like this, that does not mean it still cannot be used effectively _in the right environment_.

Regards,

Nick FitzGerald