Security Incidents mailing list archives
RE: Novarg
From: "Smith, David" <dsmith () teamumc com>
Date: Fri, 30 Jan 2004 11:05:28 -0600
We block *.zip, *.exe, etc. with little problem. If our user is getting mail with a stripped attachment that they need, they will call our help desk. It was easy to train our users to tell the sender to change the extension on the file to *.txt and provide a note in the body as to what the actual extension should be in the body of the letter. They can then save the attachment, change the extension, and move forward. We have about 1200 PC's; it would be worse having to disinfect each one. Users do not bother with any of the attachments unless they are really work related. It sure cut down on the junk stored on our Exchange server, as well as not having a single machine impacted by this latest episode. David Smith Technical Support Manager University Medical Center Lubbock, TX 79415 806-775-9080 -----Original Message----- From: Jeremy Hyland [mailto:hylandj () u washington edu] Sent: Thursday, January 29, 2004 8:58 PM To: 'Ivan Coric'; jim () jimz net; incidents () securityfocus com Subject: RE: Novarg I also find limiting all inbound traffic significantly reduces the chances of all manner of network security issues, but that doesn't make it a good policy. The issue here is the classic debate of usability vs. security. Well yeah .zip files represent a risk, but they can also be a powerful tool for getting work done. I'm not about to start recommending .zip files be blocked on my network because I know my users need the functionality provided by .zip files. Your situation may be very different, and blocking .zip files might be the best choice. Either way, I highly recommend that the needs of users be considered before usability is curtailed. -Jeremy Jeremy J. Hyland -----Original Message----- From: Ivan Coric [mailto:ivan.coric () workcoverqld com au] Sent: Wednesday, January 28, 2004 4:58 PM To: jim () jimz net; incidents () securityfocus com Subject: Re: Novarg Hi Jim, Maybe you could explain this statement a little better? "after all, completely blocking zip files in attachments is a very, very sharp double-edged knife." We block all 'zip' attachments and have found it excellent way to prevent new virus' from entering the network, prior to signatures files being released. And that also goes for, .pif, .scr, .exe etc. Kind Regards Ivan Ivan Coric, CISSP IT Technical Security Officer Information Technology WorkCover Queensland Ph: (07) 30066414 Fax: (07) 30066424 Email: ivan.coric () workcoverqld com au
Jim Zajkowski <jim () jimz net> 01/29/04 04:33am >>>
I'm waiting for the virus that automatically zips itself with a different, random password and e-mails the victim with something like "hey, check this out -- I encrypted it with password <foo>." It'll be interesting to watch the policies fly -- after all, completely blocking zip files in attachments is a very, very sharp double-edged knife. --Jim --------------------------------------------------------------------------- ---------------------------------------------------------------------------- *************************************************************************** Messages included in this e-mail and any of its attachments are those of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times. This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified. This e-mail has been scanned by Sophos for known viruses. However, no warranty nor liability is implied in this respect. ********************************************************************** --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Novarg Nick FitzGerald (Feb 02)
- <Possible follow-ups>
- Re: Novarg mgotts (Feb 02)
- RE: Novarg Smith, David (Feb 02)