Full Disclosure mailing list archives
Re: Re: E-Mail viruses
From: Valdis.Kletnieks () vt edu
Date: Mon, 08 Mar 2004 02:18:56 -0500
On Sat, 06 Mar 2004 01:47:13 +0100, starwars said:
For security reasons, the upgrade installer has been renamed to update.eex and cannot be executed directly. [insert "this tremendously elegant solution keeps you safe from viruses, because..." here].
On Sat, 06 Mar 2004 17:54:55 +1300, Nick FitzGerald <nick () virus-l demon co uk> said:
Yes, but to get through to Kurt's users, the malware (or its sender) has to guess (or know if it is a directed or insider attack, in which case "protection" is fundamentally harder anyway) the "right" extension. Limiting ourselves to three-character-only, non-case sensitive ASCII alphanumerics, that is a one in 3^36 chance. Anything else will be stopped as "unwanted", so a virus trying to "fake out" this approach still won't get to the users behind a perimeter filtering mechanism enforcing this kind of policy...
It's not 3^36, which is multiple billions, it's only 36^3, which is 46,656. And only one has to get through to an idiot. Anybody else got a mail server that blocked more than that many Netsky's this weekend alone? Draw the obvious conclusion here... And *that* was why I was dubious as to the real usefulness...
Attachment:
_bin
Description:
Current thread:
- RE: [inbox] Re: Re: E-Mail viruses, (continued)
- RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
- Re: [inbox] Re: Re: E-Mail viruses Valdis . Kletnieks (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Ron DuFresne (Mar 05)
- Re: Re: E-Mail viruses Cael Abal (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
- Re: E-Mail viruses Cael Abal (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Chris DeVoney (Mar 05)
- Re: E-Mail viruses starwars (Mar 05)
- Re: Re: E-Mail viruses Nick FitzGerald (Mar 06)
- Re: Re: E-Mail viruses Valdis . Kletnieks (Mar 08)
- Re: Re: E-Mail viruses Nick FitzGerald (Mar 08)
- RE: [inbox] Re: Re: E-Mail viruses Curt Purdy (Mar 09)
- Re: [inbox] Re: Re: E-Mail viruses gadgeteer (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Patrick Nolan (Mar 05)
- Re: [inbox] Re: Re: E-Mail viruses Nick FitzGerald (Mar 05)
- RE: [inbox] Re: Re: E-Mail viruses Aditya, ALD [Aditya Lalit Deshmukh] (Mar 07)
- RE: [inbox] Re: Re: E-Mail viruses Nick FitzGerald (Mar 07)
- Re: [inbox] Re: Re: E-Mail viruses Jorge Daza (Mar 07)
- Re: [inbox] Re: Re: E-Mail viruses Nick FitzGerald (Mar 07)
- Re: [inbox] Re: Re: E-Mail viruses Sam Sharpe (Mar 08)