Security Incidents mailing list archives
RE: Novarg
From: "Jeremy Hyland" <hylandj () u washington edu>
Date: Thu, 29 Jan 2004 18:57:54 -0800
I also find limiting all inbound traffic significantly reduces the chances of all manner of network security issues, but that doesn't make it a good policy. The issue here is the classic debate of usability vs. security. Well yeah .zip files represent a risk, but they can also be a powerful tool for getting work done. I'm not about to start recommending .zip files be blocked on my network because I know my users need the functionality provided by .zip files. Your situation may be very different, and blocking .zip files might be the best choice. Either way, I highly recommend that the needs of users be considered before usability is curtailed. -Jeremy Jeremy J. Hyland -----Original Message----- From: Ivan Coric [mailto:ivan.coric () workcoverqld com au] Sent: Wednesday, January 28, 2004 4:58 PM To: jim () jimz net; incidents () securityfocus com Subject: Re: Novarg Hi Jim, Maybe you could explain this statement a little better? "after all, completely blocking zip files in attachments is a very, very sharp double-edged knife." We block all 'zip' attachments and have found it excellent way to prevent new virus' from entering the network, prior to signatures files being released. And that also goes for, .pif, .scr, .exe etc. Kind Regards Ivan Ivan Coric, CISSP IT Technical Security Officer Information Technology WorkCover Queensland Ph: (07) 30066414 Fax: (07) 30066424 Email: ivan.coric () workcoverqld com au
Jim Zajkowski <jim () jimz net> 01/29/04 04:33am >>>
I'm waiting for the virus that automatically zips itself with a different, random password and e-mails the victim with something like "hey, check this out -- I encrypted it with password <foo>." It'll be interesting to watch the policies fly -- after all, completely blocking zip files in attachments is a very, very sharp double-edged knife. --Jim --------------------------------------------------------------------------- ---------------------------------------------------------------------------- *************************************************************************** Messages included in this e-mail and any of its attachments are those of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times. This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified. This e-mail has been scanned by Sophos for known viruses. However, no warranty nor liability is implied in this respect. ********************************************************************** --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Novarg, (continued)
- RE: Novarg Jeremy Strachan (Jan 28)
- RE: Novarg Stephen Warren (Jan 29)
- Re: Novarg Robin Sheat (Jan 30)
- RE: Novarg steve bernacki (Jan 30)
- Re: Novarg Skip Carter (Jan 30)
- RE: Novarg Duston Sickler (Jan 29)
- RE: Novarg sloppy seconds (Jan 30)
- RE: Novarg Stephen Warren (Jan 29)
- RE: Novarg Robert Morales (Jan 28)
- RE: Novarg Rickert Gerhard (rgerhard) (Jan 29)
- Re: Novarg Ivan Coric (Jan 29)
- RE: Novarg Jeremy Hyland (Jan 30)
- RE: Novarg Ivan Coric (Jan 30)
- Re: Novarg Steve Bremer (Jan 30)
- RE: Novarg Jeremy Strachan (Jan 28)