Full Disclosure mailing list archives

Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S


From: Jason <security () brvenik com>
Date: Wed, 09 Apr 2003 22:12:45 -0400


[snip]


I can't take it anymore.  I'm sorry, I know I'm just contributing to the
"noise" now in this flame war, but I have to say it.

If you don't want to receive _nasty_ things, unsubscribe!  A security
list (and one titled "Full Disclosure" at that) is going to receive virii
- duh!  It's also going to contain other vulnerabilities.  When someone
includes an "example" of a buffer overflow in Opera via an HTML link - do
you also complain?  Come on people.  Some people even _like_ looking at
virii.

[snip]

Why not, a little more noise won't hurt. Let me hop on the wagon too, only I hope it is higher quality noise.

I agree with your thoughts: if you are wary of dangerous content being sent to you, get off the security lists or use the digests and archives.

Look at how your "protections" expose you when dealing with lists too. Then look at those annoying out of office notifications. Nothing like telling a lot of people the perfect contact points in an org doing some type of security, ohh and by the way, they are out of the office!

I also understand that many are new and trying to learn safe computing practices in a hostile environment. If everyone were clued in we wouldn't need all this.

Getting back to the point. There are more reasonable ways to provide access to the same information for the greater good while not putting the clueless at risk. There are also better ways of communicating these ways. Off the top of my head in no specific order.

1) Compress it, encrypt it and password protect it. Make the password easy and include it in the mail. This protects the truly stupid among us.

2) Place it on a server where it can be downloaded by the curious/capable. This also provides for redistribution protections by disclaiming...

3) Provide a link to the source of the dangerous content, if it is known. This is even better from a liability perspective.

Each would be more appropriate at different times given different circumstances.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

