Vulnerability Development mailing list archives

disclosure and risk to list subscribers (Re: Another new worm???)


From: dagon () DAGON NET (Mark Rafn)
Date: Thu, 22 Jun 2000 08:13:37 -0700


> I would recommend that readers unsubscribe from the list if they or their
> systems are not prepared to view and analyze information disseminated here.

I second this.  It's a full-disclosure list, and you must be prepared for
anything that comes down the pipe.

On Wed, 21 Jun 2000 sigipp () WELLA COM BR wrote:
> I only expect having no mails here which could already do some harm
> without even opening it. This would make me really angry. But luckily
> we have a moderator here.

This is too much to expect.  Your security must be on your own end -
there are a number of ways that threatening mail can get to you regardless
of list policy, not limited to:

1) moderator error - his system isn't vulnerable in the same way yours is,
so he approves something he thinks is "safe".
2) moderator opinion - a different idea than yours about what "without
even opening it" means.
3) active attack - someone takes your e-mail from a posting you made,
forges mail to look like it's from the list.

Given these possibilities, you simply must make sure you're using a mail
system that is "safe enough" (meaning you're willing to accept the risks
of reading e-mail from various sources).  Now that you're doing that, we
won't have to force the moderator to make the judgement call on what
crosses the line of "too dangerous" to approve.

--
Mark Rafn    dagon () dagon net    <http://www.dagon.net/>


