
RE: [Full-Disclosure] Email



>ok ... the click click social engineering vulnerable
>operating system everyone seems to target... isn't it
>file extension based ? .... very exploitable ...but
>also quite simple to change the extension
>
>why isn't a "defanger" standard on all mail gateways ?
>
>guess I'm just not exposed to stupid on a corporate
>scale

Most ISPs wouldn't touch the concept of being responsible for their clients'
e-mail security with a 10' barge pole. Apart from the obvious technical issues 
- they'd need an AV scanner to check the mail that would have to be capable of 
dealing with serious volumes - there are also issues of liability if anything 
doesn't work (I'm thinking along the lines of the medical court cases that have 
come up where doctors have been sued for not using the most advanced equipment 
that existed regardless of whether they actually had that equipment available 
at the time).
Add to this privacy issues - they have to open up the e-mail to scan it - and 
you end up with a fairly horrible problem.

Security from viruses is a many-layered problem. As regards the current 
outbreak, we haven't been hit because:

a) I found out about it from several sources early on and uploaded new AV 
signatures immediately

b) the one copy that came through in a format not recognised by our AV was 
caught by a user who actually listened to my monthly warnings about strange 
attachments from people you don't know, who forwarded it on to me for checking. 
Within 1 hr of my confirming that it was the virus the MD had sent an e-mail 
around reminding everyone about virus safety.

"Corporate Stupidity" is usually just common human laziness compounded by a 
reluctance to take responsibility for things.

Jos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html