Re: [Full-Disclosure] Religion. Was HEADS UP...
From: Jason (security_at_brvenik.com)
Date: 05/25/03
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] HEADS UP VIRUS BEING SPREAD one of our readers infected?"
- In reply to: morning_wood: "Re: [Full-Disclosure] HEADS UP VIRUS BEING SPREAD one of our readers infected?"
- Next in thread: Nick FitzGerald: "Re: [Full-Disclosure] Religion. Was HEADS UP..."
- Reply: Nick FitzGerald: "Re: [Full-Disclosure] Religion. Was HEADS UP..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: morning_wood <se_cur_ity@hotmail.com> Date: Sun, 25 May 2003 01:26:46 -0400
This is a religous debate that will never die!
morning_wood wrote:
> then my apologies to the the list, the main body of the text is mostly a rip
> of the exe anyway,..
Security is an evolution, I would not apologize because someone got
upset about an email with a virus. If anything at all I would apologize
for not considering your actions more carefully. I imagine you just
helped evolution a little bit more somewhere. ;-)
[snip]
>>Another option is for the list-serve software to remove all attached
>>executable files from incoming messages it receives before the messages
>>are blasted out to the world. This is a good policy for any email list,
>>but particularly important for a computer security list.
I disagree completely with this but it is a religous debate isn't it. A
security list needs the freedom to pass any and all relevant information
without hinderance otherwise you get bugtraq. The decision about
relevance is relative in itself and for me to decide.
Stripping attachments offers less security by providing a false sense of
security IMHO.
>>
>>FWIW, Outlook 2002 automatically discarded the Update880.exe file on my
>>system, so I couldn't even look at it if I wanted to. A password
>>protected .ZIP file is the generally accepted standard for sending out
>>malware samples. However, I don't think malware is appropriate for this
>>list.
While a password protected zip archive or a double zipped archive or a
link to the content over http and ftp is generally more acceptable,
malware should be expected in everything you do these days. There is no
other answer!
The double zipped archive could just as easily be a DoS against your
mail server or the archive itself could exploit a vulnerability in the
most common decompressors...
To stray further off topic a moment and further add to the noise.
I happen to like reversing virii and have grown to love them for the art
and beauty they can convey. It is a sad state that today we are mostly
presented with mass mailing trojans and worms.
I would love to get my hands on a Linux virus that was polymorphic and
underhanded for the sole purpose of survival. I've yet to have one come
by in the wild that was truely effective.
Give it ptrace, ioperm, and race condition detection and you have the
makings of a good old fashioned linux virus that overcomes the root
barrier. Human error alone ensures its survival.
That is a discussion for focus-virus which is moderated and generally
useless.
[snip rest]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] HEADS UP VIRUS BEING SPREAD one of our readers infected?"
- In reply to: morning_wood: "Re: [Full-Disclosure] HEADS UP VIRUS BEING SPREAD one of our readers infected?"
- Next in thread: Nick FitzGerald: "Re: [Full-Disclosure] Religion. Was HEADS UP..."
- Reply: Nick FitzGerald: "Re: [Full-Disclosure] Religion. Was HEADS UP..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
