Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S

From: "Ed Carp" <erc () pobox com>
Date: Wed, 9 Apr 2003 12:24:26 -0500
      Now, this list is called "full-disclosure".  How are we to
intelligently discuss some subject, if we don't have a complete copy
of the thing that it is that we are supposed to be discussing?


Full disclosure doesn't mean blasting out viruses to a mailing list.  This
is very poor practice.  A more common (and accepted) practice is to upload
the program in question to an FTP server, then post a link to the program.

This serves several purposes: (1) It lessens the exposure of the list
members, (2) it cuts down on list traffic, and (3) it provides a static
place for programs to be uploaded for reference.


      I had thought that we'd have people on this list that have
sufficiently armored themselves against attack that we wouldn't have
things like "virus detected" warnings being posted via automated
programs.


If it's a new virus, worm, or what-have-you, how can one defend against a
new threat?  Bottom line is, you are putting people at unnecessary risk by
posting stuff like this when there are much better ways of handling the
situation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: