[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Administrivia: Binary Executables w/o Source
- To: "'Len Rose'" <len@netsys.com>, full-disclosure@lists.netsys.com
- Subject: RE: [Full-Disclosure] Administrivia: Binary Executables w/o Source
- From: Simon Thornton <simon.thornton@swift.com>
- Date: Tue, 19 Aug 2003 10:41:19 +0200
Hi Len,
LR> don't send binary executables on the list
LR> unless you include the source code. We should add
LR> this to the charter shortly.
I can understand your reasoning but I think this is a little extreme,
the value of this list is the (relatively) unrestricted flow of info.
Sometimes the binaries maybe of interest, as long as they are not very
large. A classic example would be output from tcpdump for a new trojan,
very useful when writing SNORT sigs.
What would be useful is if people put binaries in password protected
ZIP/RAR etc and put the password in the message, this would stop AV s/w
(or similar) removing the attachments as "infected". It also means that
the reader has to consciously open the attachment.
As with any binary you take a risk; caveat emptor, it is how you
assess/mitigate/deal with the risk which determines whether you will
open unidentified executables. Sometimes the risk is worth it.
If you really must put a limit, prevent attachments greater in size than
say 200K, anything else should use a link to a website/ftp server for
distribution.
Just my two euro cents worth ..... :-)
Rgds,
Simon
smime.p7s