lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: Viruses from the list...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| I don't disagree with you.  While I am extremely hesitant to agree to
| any type of automated filtering (be it spam or virus), I do agree that
| broadcasting virus messages to a large subscriber base is a bad idea (if
| for the bandwidth consumption alone).

Agreed. I do not like filtering and censorship much myself, believe it
or not. :/

| However, I just took a look at my inbox, and have determined that the
| vast majority of virus messages I have received in the last month were
| not sent to the list.  The messages were sent directly to me.  Based on
| my mail configuration, I can tell that the viruses stole my email
| address from some source related to the lists (web mail archives,
| old emails in peoples' inboxes), but the messages weren't generally sent
| through the list itself.

I also agree that most viruses I get are not from the list, but
searching the list's archive for subject lines with the word "thanks"
alone show that this problem is indeed real.

Sending these 20-100K viruses to thousands of users, whether twice a day
or once a week, is a lot of bandwidth indeed.

Our courteous list managers run the list and pay for the bandwidth,
surely this argument makes sense to support my opinion.

| Perhaps in the future we will see a rash of viruses hit the list, but
| right now, it isn't the list maintainers' problem.

This is where we disagree, but I respect your view. I interpret it
differently, but that's my issue.

Why not be prepared anyway, if I was to agree with you on this?

Thank you for your civil and detailed reply. But I am afraid that on how
we see things, we are mostly going to have to agree to disagree.

	Gadi.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFAX8uqqH6NtwbH1FARAj0LAKCIi16Dr3HpNHFPGUB4cu3Ysz1KHwCfXay8
uOdAHw7z2/6p8l1rLuC4WO4=
=5+Py
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ