Full Disclosure mailing list archives
Re: Apparently the practice was prevalent
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 09 Feb 2004 11:01:29 +1300
hggdh <hggdh () comcast net> to Paul: <<snip>>
As Valdis said earlier, user:password@site is a DE FACTO standard. It goes against the RFC? Well, get over it. Such is life. It has not been the first time, and it will not be the last one. What defines a de facto standard is prevalence of use. Nobody can argue that the IE browser is not prevalent...
Sending complete copies of virus-carrying Email messages to sender addresses the virus scanning Email gateways know are forged is a DE FACTO standard. As "hggdh" says, what defines a de facto standard is prevalence of use and we all know that virtually all Email gateway virus scanners do this. Nobody can argue that "bouncing" such viral Email messages to known non-senders is not prevalent... If the AV developers "broke" this behaviour the virus writers who had been depending on it as a distribution mechanism would, presumably, be all upset and have to "quickly redesign" their systems to trick the "fixed" virus scanners to keep redistributing their viruses for them. Oddly this "but it's a de facto standard" argument simply does not stack up when applied elsewhere... (Yes, I know "hggdh" went on to explain he disagrees, but his was the most succinct expression of the idiocy others -- such as Esser and the folk quoted in Lemos' article -- apparently adhere to, and thus best to lampoon thus.) Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Apparently the practice was prevalent Paul Schmehl (Feb 08)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- Re: Apparently the practice was prevalent Stefan Esser (Feb 08)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- Re: Apparently the practice was prevalent hggdh (Feb 08)
- Re: Apparently the practice was prevalent Luke Norman (Feb 08)
- Re: Apparently the practice was prevalent Scott Taylor (Feb 08)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- Re: Apparently the practice was prevalent Mattias Ahnberg (Feb 10)
- Re: Apparently the practice was prevalent Luke Norman (Feb 08)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- Re: Apparently the practice was prevalent Ron DuFresne (Feb 09)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- RE: Apparently the practice was prevalent Nick FitzGerald (Feb 09)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 09)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- <Possible follow-ups>
- RE: Apparently the practice was prevalent Schmehl, Paul L (Feb 09)
- Re: Apparently the practice was prevalent Cael Abal (Feb 09)
- RE: Apparently the practice was prevalent John . Airey (Feb 10)
- Re: Apparently the practice was prevalent Martin Mačok (Feb 10)
- RE: Apparently the practice was prevalent John . Airey (Feb 10)