WebApp Sec mailing list archives

List administrivia Public Service Announcement - the more you know...


From: Andrew van der Stock <vanderaj () greebo net>
Date: Tue, 6 Nov 2012 02:51:57 +1100

Caveat lector: My role here since taking on moderation of this list
way back in 2004 or 2005 or so is primarily to reject spam and 1 line
messages saying "thanks" or "Give me the answer to my homework /
assignment / PhD dissertation that I'm too lazy to Google".

However, the bar for submission is very, very low. You will not
believe how low it is. I have and continue to let through highly
questionable messages that might affect your computer if you do the
wrong thing. I read 'em, sometimes I smile, sometimes I smirk, other
times I think "that seems legit" in an ironic sense.

I treat you all as security professionals, and so it goes without
saying "Don't click random links unless you know what you're doing."
is the first and about the only rule that goes here. I have to assume
you know what you're doing as otherwise it denies us all an
opportunity to learn and share knowledge. And occasionally get pwned.
If your opsec* skills run to "I use SSL and a firewall", then this
list might not be for you.

So if you get pwned, you've had a fantastic learning moment, and I
truly and sincerely hope you have good (and recent) backups. Better
luck with your next OS install. :)

thanks,
Andrew your friendly list admin

* I don't always do this, but I suggest using a throwaway read-only
live CD VM to click unknown links. It's a good habit, and if your VM
gets pwned, it's just a matter of throwing it away and starting again.
It goes without saying, don't share your host OS resources such as
home folder in the victim VM, or log into your actual Internet
services, or have it bridged to the same network as systems you
actually like. If this sounds complicated, again, this list might not
necessarily be for you.


