From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: Re: [FD] FD should block attachments


Paul,

It seems we are trading valid concerns...

One potential solution might be a common web-based repository (hosted by 
some kind soul who has the willingness and wherewithal to do it...any 
reputable volunteers?) that could be used by all members to drop files, 
then point to them within the messages to the group via URL.  Of course 
that has the potential to be misused in a variety of ways and would have 
to be administered, and really, someone is still footing the bill.  I 
don't know that I would really liken the people sending files along to 
this group to spammers...but the analogy is useful in terms of making your 
point.

Bart Lansing
Manager, Desktop Services
Kohl's IT




Paul Schmehl <pauls@...allas.edu> 
Sent by: full-disclosure-admin@...ts.netsys.com
04/05/2004 11:05 AM

To
full-disclosure@...ts.netsys.com
cc

Subject
RE: [Full-Disclosure] Re: [FD] FD should block attachments






--On Monday, April 05, 2004 09:04:36 AM -0500 Bart.Lansing@...ls.com 
wrote:

>
> Paul,
>
> Just a thought here...as you're right, having some modicum of
> consideration for those who have cost issues with bandwidth (I'll contend
> that we are not spoiled, and that we...ok...most of us...pay for the
> bandwidth we use...TANSTAFL).  However, you are assuming that anyone who
> wishes to potentially send a file along here can just as easily host
> one.  Not, I think, a valid assumption...and one which, for many...would
> cost money.  So, who gets to pay?  Either someone is paying to download,
> if they are on a pay-as-you go model, or someone is going to pay to
> host...either way, it's not quite as simple as you've made it out to be.
>
You make an interesting point, and it has some validity.

What immediately came to my mind when I read that was the spammers.  They 
expect to shift the cost of what they do to the recipients.  Is that what 
should be the standard for security researchers as well?

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


