Full Disclosure mailing list archives
viruses being sent to list
From: Feher Tamas <etomcat () freemail hu>
Date: Fri, 30 Apr 2004 10:59:37 +0200 (CEST)
Hello,
I have recieved two virus infected emails from this list in the last week. Is it possible to have our list admin run clamav.You are joking? Right? In case you had not noticed this is "Full Disclosure". Can not very well talk about virii with filters on.
Hot-headed guys like you will quickly wreck the Internet! If people consider hackers un-negotiable and equal to terrorists, the Net will soon go under the UN charter and be subject to repression by national governments. Why do you want to destroy the current framework we are all quite happy with? If hackers studied and respected the guidelines, liberties and bounds applying in the USA, the country that created the Internet, our current freedoms could be maintained longer. 1., First Amendment defines free speech. Source code has been proven free speech. Executables are not covered by free speech, however. 2., Therefore binaries do not belong to full disclosure. If you post a binary to FD and that binary later becomes part of a worm or backdoor kit, any company that became affected by the malware could sue the orgainzation hosting the FD list servers. Indeed, USA is the most litigous state in the whole word. This would mean FD ceases to exist soon, to prevent further lawsuits from hitting the maintainer / hoster entity. And you end up with no place left to discuss! Source code postings are exempt from litigation because of the First Amendment. 3., Filters only deal with binaries, not source code. AV firms refuse to detect source code. 4., Therefore, you are free (encouraged) to submit exploit source code to Full Disclosure, even with AV filters in place. 5., IT security aware people can deal with source code, executables add nothing to this. 6., Filters protect against e-mail worm / virus binaries entering the FD digest: viruses that were auto-sent from infected machines without any kind of human intention. These viruses carry no information for FD audience, in fact they were not meant for FD, the worm's parse routine just used the first string with a @ inside it could find on the HDD. This is the very issue the original poster complained about! 7., If you must share exploit binaries or other not so innocent code with other FD readers for whatever strong reasons, please simply provide a URL to access it and do not stuff Base64 blocks into this mailing list. [Especially conidering that the whole FD is forever archived on the Web in a Mailman system. In fact I myself always read FD via the Web interface. If you post binaries into FD, you effectively turn it into a Web virus repository.] 8., Implement that anti-virus filtering and put a disclaimer in the FAQ! We certainly don't need lawyers interfering with this FD list, so please don't provoke their involvement by carelessness. Some free AV solution probably wouldn't cost a dime. Regards: Tamas Feher. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- viruses being sent to list John Lalla (Apr 29)
- Re: viruses being sent to list Tobias Weisserth (Apr 29)
- Re: viruses being sent to list Gary E. Miller (Apr 29)
- Re: viruses being sent to list gurney (Apr 29)
- Re: viruses being sent to list Valdis . Kletnieks (Apr 30)
- <Possible follow-ups>
- Re: viruses being sent to list John Lalla (Apr 29)
- viruses being sent to list Feher Tamas (Apr 30)
- Re: viruses being sent to list morning_wood (Apr 30)
- RE: viruses being sent to list Alerta Redsegura (Apr 30)
- Re: viruses being sent to list Gary E. Miller (Apr 30)
- Re: viruses being sent to list morning_wood (Apr 30)