Vulnerability Development mailing list archives
disclosure and risk to list subscribers (Re: Another new worm???)
From: dagon () DAGON NET (Mark Rafn)
Date: Thu, 22 Jun 2000 08:13:37 -0700
I would recommend that readers unsubscribe from the list if they or their systems are not prepared to view and analyze information disseminated here.
I second this. It's a full-disclosure list, and you must be prepared for anything that comes down the pipe. On Wed, 21 Jun 2000 sigipp () WELLA COM BR wrote:
I only expect having no mails here which could already do some harm without even opening it. This would make me really angry. But luckily we have a moderator here.
This is too much to expect. Your security must be on your own end - there are a number of ways that threatening mail can get to you regardless of list policy, not limited to: 1) moderator error - his system isn't vulnerable in the same way your is, so he approves something he thinks is "safe". 2) moderator opinion - a different idea than yours about what "without even opening it" means. 3) active attack - someone takes your e-mail from a posting you made, forges mail to look like it's from the list. Given these possibilities, you simply must make sure you're using a mail system that is "safe enough" (meaning you're willing to accept the risks of reading e-mail from various sources). Now that you're doing that, we won't have to force the moderator to make the judgement call on what crosses the line of "too dangerous" to approve. -- Mark Rafn dagon () dagon net <http://www.dagon.net/>
Current thread:
- Re: Red Hat 6.2's ftp segmentation fault, (continued)
- Re: Red Hat 6.2's ftp segmentation fault Bluefish (Jun 24)
- Re: Red Hat 6.2's ftp segmentation fault Jim Kinney (Jun 24)
- Re: Red Hat 6.2's ftp segmentation fault Blue Boar (Jun 24)
- Different attack vector - PXE-2.0 protocol Ollie Whitehouse (Jun 25)
- Spoofed FTP connections John Scimone (Jun 25)
- Re: Red Hat 6.2's ftp segmentation fault Jason Storm (Jun 24)
- Keyboard recording Martin M Samson (Jun 21)
- Re: Another new worm??? Blue Boar (Jun 21)
- Re: Another new worm??? Steve Mosher (Jun 22)
- disclosure and risk to list subscribers (Re: Another new worm???) Mark Rafn (Jun 22)
- Re: Another new worm??? Bennett Todd (Jun 24)
- Re: Another new worm??? Crispin Cowan (Jun 25)
- Re: Another new worm??? Elias Levy (Jun 26)
- Re: Another new worm??? Crispin Cowan (Jun 27)
- Re: Another new worm??? Dino Amato (Jun 28)
- dalnet 4.6.5 remote vulnerability Matt Conover (Jun 28)