lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Dec 2009 23:46:44 -0800
From: Tracy Reed <treed@...raviolet.org>
To: Randall M <randallm@...mail.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: stupid question again

On Fri, Dec 11, 2009 at 10:13:09PM -0600, Randall M spake thusly:
> On Dec 11, 2009, at 9:26 PM, Tim <tim-security@...tinelchicken.org> wrote:
> > The answer is:  Once you're infected, you shouldn't be trying to clean
> > things.  Reinstall.
> >
> > Need files off of that box first?  Mount the drive under another OS,
> > or better yet, use the sleuthkit to get them off.
>
> NO!! Not the answer. Average user won't and don't know how and usually  
> don't recieve install disks

It most definitely IS the answer. Just because the average user
doesn't know how to do it doesn't mean it isn't the answer. They
shouldn't be entering their credit card info and other personal data
onto a machine which may still be infected. If they can't do it they
need to pay someone who can.

And nobody should be buying software that doesn't come with install
disks. That is just setting yourself up for failure. I know those
people do. And they are getting their personal info stolen too.

-- 
Tracy Reed
http://tracyreed.org

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists