lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: etomcat at freemail.hu (Feher Tamas)
Subject: viruses being sent to list

Hello,

>>I have recieved two virus infected emails from this list in
>>the last week. Is it possible to have our list admin run clamav.
>
>You are joking?  Right?  In case you had not noticed this is
>"Full Disclosure". Can not very well talk about virii with filters on.

Hot-headed guys like you will quickly wreck the Internet! If people 
consider hackers un-negotiable and equal to terrorists, the Net will 
soon go under the UN charter and be subject to repression by national 
governments.

Why do you want to destroy the current framework we are all quite 
happy with? If hackers studied and respected the guidelines, liberties 
and bounds applying in the USA, the country that created the Internet, 
our current freedoms could be maintained longer.

1., First Amendment defines free speech. Source code has been proven 
free speech. Executables are not covered by free speech, however.

2., Therefore binaries do not belong to full disclosure. If you post a 
binary to FD and that binary later becomes part of a worm or backdoor 
kit, any company that became affected by the malware could sue the 
orgainzation hosting the FD list servers.

Indeed, USA is the most litigous state in the whole word. This would 
mean FD ceases to exist soon, to prevent further lawsuits from hitting 
the maintainer / hoster entity. And you end up with no place left to 
discuss! Source code postings are exempt from litigation because of the 
First Amendment.

3., Filters only deal with binaries, not source code. AV firms refuse to 
detect source code.

4., Therefore, you are free (encouraged) to submit exploit source code 
to Full Disclosure, even with AV filters in place.

5., IT security aware people can deal with source code, executables 
add nothing to this.

6., Filters protect against e-mail worm / virus binaries entering the FD 
digest: viruses that were auto-sent from infected machines without any 
kind of human intention. These viruses carry no information for FD 
audience, in fact they were not meant for FD, the worm's parse routine 
just used the first string with a @ inside it could find on the HDD. This is 
the very issue the original poster complained about!

7., If you must share exploit binaries or other not so innocent code with 
other FD readers for whatever strong reasons, please simply provide a 
URL to access it and do not stuff Base64 blocks into this mailing list. 

[Especially conidering that the whole FD is forever archived on the Web 
in a Mailman system. In fact I myself always read FD via the Web 
interface. If you post binaries into FD, you effectively turn it into a Web 
virus repository.]

8., Implement that anti-virus filtering and put a disclaimer in the FAQ! 
We certainly don't need lawyers interfering with this FD list, so please 
don't provoke their involvement by carelessness. Some free AV solution 
probably wouldn't cost a dime.

Regards: Tamas Feher.


Powered by blists - more mailing lists