Full Disclosure mailing list archives
Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S
From: Ron DuFresne <dufresne () winternet com>
Date: Wed, 9 Apr 2003 12:20:17 -0500 (CDT)
Brad, I think you miss the bottom key point Nick made. It concerned the use of common sense, you sidestepped it. And that can be damaging in a technical environment. One might fully reasonably assume most folks are protected in some fashoin from mass infection when something might get released to such a list as this, and that assumption will be incorrect. No matter what the target audience of the list, no matter how 'technically inclined" the readership is assumed. Look at how many folks that should know better spam the list not only with anti-virus trash, or spam avoidance crap, but also; vacation messages, anti minor-profanity BS, and what not. There was not real need at the time to include the virus/trojan into the message you posted, at least not in an openly virant manner, sheesh, even a gzip or uuendcoe or something would have shown a tad more forethought. But, really, the headers with the info you provided in the form of a question should have sufficed, until and or unless someone asked for more specifics. Perhaps a point you can agree with? Thanks, Ron DuFresne On Wed, 9 Apr 2003, Brad Knowles wrote:
At 2:06 PM +1300 2003/04/09, Nick FitzGerald wrote:What he, and several others of us, said makes you stupid is that you _forwarded the whole message when you suspected the attachment was a virus or something similar_.For the moment, let's assume that this was a result from a new virus, Trojan Horse, or hoax that had not previously been encountered. Now, this list is called "full-disclosure". How are we to intelligently discuss some subject, if we don't have a complete copy of the thing that it is that we are supposed to be discussing?Your inability to accept that that was extremely stupid is seen as quite reasonably reinforcing that belief.I had thought that this was the list where all the real security experts went, after BugTraq started taking a more intrusive editorial stance. I had thought that we'd have people on this list that have sufficiently armored themselves against attack that we wouldn't have things like "virus detected" warnings being posted via automated programs. I had thought that we could have a reasonable discussion, and that if there was something I had missed, people would provide me with a pointer to the appropriate information source, without the infantile need to resort to name-calling. A number of people were, indeed, kind enough to provide links to the virus description web pages (ones that I had searched for but obviously missed), and I greatly appreciate the speed of their response. Are you, and others, now going to make me regret that this is the place where I thought that a free and open discussion was actually possible? -- Brad Knowles, <brad.knowles () skynet be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Fwd: Internet Security Update, (continued)
- Re: Fwd: Internet Security Update KF (Apr 08)
- Re: Fwd: Internet Security Update Gregory Le Bras | Security Corporation (Apr 08)
- Re: Fwd: Internet Security Update Ron DuFresne (Apr 08)
- Re: Fwd: Internet Security Update Brad Knowles (Apr 08)
- Re: Fwd: Internet Security Update Ron DuFresne (Apr 08)
- Re: Fwd: Internet Security Update Nicob (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Nicolas Villatte (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Brad Knowles (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Nick FitzGerald (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Brad Knowles (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Michael Osten (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ron DuFresne (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ward Vandewege (Apr 09)
- RE: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ed Carp (Apr 09)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] madsaxon (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Jurjen Oskam (Apr 10)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Brad Knowles (Apr 08)
- RE : RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Nicolas Villatte (Apr 08)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Jurjen Oskam (Apr 10)
- Re: Fwd: Internet Security Update Brad Knowles (Apr 08)
- RE: Fwd: Internet Security Update Ed Carp (Apr 08)
- Re: Fwd: Internet Security Update Ron DuFresne (Apr 08)