Full Disclosure mailing list archives
Re: Re: E-Mail viruses
From: "Curt Purdy" <purdy () tecman com>
Date: Sat, 6 Mar 2004 10:23:30 -0600
docco wrote:
What Curt Purdy is saying looks to me like a great_pain_in_the_ass_solution. In case the "supersecret" extension would get leaked or compromised, which I believe would be absolutely not hard to achieve (by means of social engineering, sniffing or just brute force - combinations of three letters,
<snip>

Jeez, it's amazing how a thread can get so twisted overnight. My original point was that it was never necessary to hide the proprietary extension and it would never need to change. The purpose of blocking everything but this extension, in our case .dps (see, I'm not scared) is to squash 99.999% (experience has been 100% so far) of all possible infected attachments before it ever gets to our email AV server. Of course that percentage may now drop if some "security expert" on this list decides to rename netsky and send it to us. However that would be a waste of time unless it was a 0-day, and I doubt anyone would want to waste that on us.

In addition, it is much easier to train users to change the extension than to "not open attachments" because they are self-motivated to do the former if they ever want another attachment. If you try to educate users to do the latter, you are just setting yourself up to continually battle the social engineering used by virus coders.

While I'm on the subject, just this morning on a nationally syndicated show, I heard a piece on the current "virus war" and was amazed when I heard it end with "a security expert" say "only open attachments from someone you know".

We disabled notifications on our AV server months ago.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
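The gateway policy described in the message above (reject every attachment except one allowed extension, before the mail reaches the AV server), sketched as an added example; this is not code from the post or from the poster's gateway. The function names are hypothetical and the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED_EXT = ".dps"  # the one extension the post says is let through


def attachment_verdicts(raw: bytes):
    """Return [(filename, allowed)] for each attachment-like MIME part."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.walk():  # walk() also descends into forwarded messages
        if part.is_multipart():
            continue
        name = part.get_filename()  # decodes RFC 2231 encoded names
        if name is None and part.get_content_disposition() != "attachment":
            continue  # ordinary body part, nothing to filter
        # Only the final suffix counts, so "x.dps.exe" fails; an unnamed
        # attachment or a bare ".dps" fails too.
        ok = (name is not None and len(name) > len(ALLOWED_EXT)
              and name.lower().endswith(ALLOWED_EXT))
        verdicts.append((name, ok))
    return verdicts


def accept(raw: bytes) -> bool:
    """Pass a message on to the AV server only if every attachment is allowed."""
    return all(ok for _, ok in attachment_verdicts(raw))


def build_sample(filename):
    """Constructed test message; filename=None means no attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    if filename is not None:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("report.dps", "REPORT.DPS", "photo.zip", "invoice.dps.exe", None):
        print(fn, "->", "accept" if accept(build_sample(fn)) else "reject")
```

The check looks at names only, so a file renamed to the allowed extension passes it; that is the case the message acknowledges, and the reason the AV server still sits behind the filter.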