lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: tim-security at sentinelchicken.org (Tim)
Subject: FD should block attachments

> This will be more useful once there's a way to do all of the following:
> 
> 1) Upload the file to a webserver (which Joe User often doesn't have)

Granted, some people don't have good access to web hosting resources.

> 2) Set permissions on the file so only the recipients can get it.

This is a public list, with public archives.  This isn't a consideration.

> 3) Figure out the resulting URL for inclusion in the mail.

If you know how to put content on a webserver, this isn't really a hurdle.

> 4) Deal with removing the file after a week or so.

Why?  

> 5) All the *other* cruft involved in that whole process.

Not sure what you mean by this.


I don't disagree that it can be difficult for some, but I doubt there
are that many Aunt Tillies on this list.  Perhaps some of the Security
Focus lists, but full-disclosure?  Aunt Tillie would last about 24 hrs
on this list before unsubscribing due to the shear volume of crap here.
Including the administrivia we are now discussing. ;-)

tim


Powered by blists - more mailing lists