lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040324144235.GG26168@sparky.finchhaven.net>
From: jsage at finchhaven.com (John Sage)
Subject: viruses being sent to this list

/*
   the thread that refused to die...
   ...now with extra! extra! life.
*/

On Wed, Mar 24, 2004 at 02:34:33PM +0200, Gadi Evron wrote:
> From: Gadi Evron <ge@...tistical.reprehensible.net>
> User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
> To: Full-Disclosure <full-disclosure@...ts.netsys.com>
> CC: John Cartwright <johnc@...k.org.uk>
> Subject: Re: [Full-Disclosure] viruses being sent to this list
> Date: Wed, 24 Mar 2004 14:34:33 +0200
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> As I got a response from the managers, I am happy. And I took it
> off-list.
> 
> They asked for us to send any responses to them directly rather than
> on-list, and I did. However, this has now become a different thread,
> so I will try and contribute.
> 
> The samples below could have been detected by any AV using
> signatures alone. Thus, without any heuristics, not risking false
> positives or requiring more time spent on moderation.

I don't use any AV software. Don't need it.

And I appreciate getting virii from this list (No! seriously!) and
several other lists I participate in because it gives me the
opportunity to examine and collect examples of what's out there.


> If anything, it should help out on moderating all the viruses that get
> sent from off-list addresses, by saving time, and with no risk of new
> stuff not getting to the list due to a false positive.

How would you filter against off-list addresses that are obviously
spoofed?  Limit the list's traffic to members only?


> Also, it might be a good idea to amend the list's charter to include
> an "if you use this list, it is under your own blah blah and viruses
> get sent, blah blah". For future protection.

In other words:

"You're an adult. Try 1) thinking; and 2) simply becoming responsible
for yourself."



- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ