Open Source and information security mailing list archives
 
Message-ID: <200403230133.i2N1XZv7016395@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: viruses being sent to this list 

On Tue, 23 Mar 2004 02:11:13 +0200, Gadi Evron <ge@...tistical.reprehensible.net>  said:

> We can go into an endless discussion on liability. As FD is being used
> to spread malware, repeatedly, and filtering that malware is a matter of
> responsibility..

My mail server racked up 377,545 viruses recognized last week alone:

Breakdown:
158476  NETSKY.C               (41.98%)
 55024  NETSKY.D               (14.57%)
 38905  BAGLE-ZIP              ( 10.3%)
 24640  NETSKY.O               ( 6.53%)
 21338  NETSKY.B               ( 5.65%)
 16452  BAGLE.K                ( 4.36%)
 13908  BAGLE.J                ( 3.68%)
 12349  NETSKY.J               ( 3.27%)
  8047  DUMARU.K               ( 2.13%)
  5512  MYDOOM.A               ( 1.46%)

I don't think that FD is the problem here.  The problem is that the average
computer is basically designed for web surfing and virus propagation.

> One would think the FD managers would do something about this.
> 
> This is not about the infected user, the VX'ers, or the ISP's.

It's *all* about the infected user, the A/V companies, and the ISPs.

Let's look at the archives of the list, postings from you this month:

http://lists.netsys.com/pipermail/full-disclosure/2004-March/018957.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018992.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018996.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018998.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019092.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019104.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019110.html

So which of those is a virus with your name forged on it?  Oh, there aren't
any?  (Looking at the archives for the entire month, I'm not seeing *any* from
*anybody* - am I missing some?  Where are the "repeated" malware
distributions?)

Looks to me like you want FD to take action about mail that's not even
passing through its servers - and that's the sort of dangerous precedent that
makes things like Echelon and Omnivore unpopular.

If you can't deal with the fact that subscribing to this list may expose you to
the occasional malware or other small-arms fire, I suggest you do something
productive about it:

Each posting to the list has an RFC2369 header:

List-unsubscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>, 	<mailto:full-disclosure-request@...ts.netsys.com?subject=unsubscribe>

Use it.  There's plenty of other, more heavily moderated, mailing lists out
there.  

If you can't deal with the fact that worms are doing address scraping to forge
the From: line, you may wish to consider whether a career in computer security
is really your calling.
