[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <OFB86CE633.2E8A59A0-ON86256E6D.005F3CF3-86256E6D.00604B9D@kohls.com>
From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: Re: [FD] FD should block attachments
Paul,
It seems we are trading valid concerns...
One potential solution might be a common web-based repository (hosted by
some kind soul who has the willingess and wherewhithal to do it...any
reputable volunteers?) that could be used by all members to drop files,
then point to them within the messages to the group via URL. Of course
that has the potential to be misused in a variety of ways and would have
to be administered, and really, someone is still footing the bill. I
don't know that I would really liken the people sending files along to
this group to spammers...but the analogy is useful in terms of making your
point.
Bart Lansing
Manager, Desktop Services
Kohl's IT
Paul Schmehl <pauls@...allas.edu>
Sent by: full-disclosure-admin@...ts.netsys.com
04/05/2004 11:05 AM
To
full-disclosure@...ts.netsys.com
cc
Subject
RE: [Full-Disclosure] Re: [FD] FD should block attachments
--On Monday, April 05, 2004 09:04:36 AM -0500 Bart.Lansing@...ls.com
wrote:
>
> Paul,
>
> Just a thought here...as you're right, having some modicum of
> consideration for those who have cost issues with bandwidth (I'll
content
> that we are not spoiled, and that we...ok...most of us...pay for the
> bandwidth we use...TANSTAFL). However, you are assuming that anyone who
> wishes to potentially send a file along here can just as easily host
> one. Not, I think, a valid assumption...and one which, for many...would
> cost money. So, who gets to pay? Either someone is paying to download,
> if they are on a pay-as-you go model, or someone is going to pay to
> host...either way, it's not quite as simple as you've made it out to be.
>
You make an interesting point, and it has some validity.
What immediately came to my mind when I read that was the spammers. They
expect to shift the cost of what they do to the recipients. Is that what
should be the standard for security researchers as well?
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
CONFIDENTIALITY NOTICE:
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited.
If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000.
CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time
without any further consent.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040405/2dab2267/attachment.html
Powered by blists - more mailing lists