[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] (no subject)

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] (no subject)
From: <hatless@xxxxxxx>
Date: Wed, 16 Aug 2006 15:17:53 +0200

Jason wrote:
> Matt Burnett wrote:
>> You really think this would be hard to design. Think about how 
most spam
>> solutions work, if you get 25 posts in hour with 100k 
attachments from a
>> new user, do you think they are talking about security or are 
they
>> posting porn. Anything a spam filter would consider suspicous 
could be
>> flaged for moderator approval. Its not 100% fool proof but do 
you really
>> think some 16 year old kid whos posting porn here would take the 
time to
>> try to defeat it, in order just to post crappy porn?

> Wonderful. I suggest that you get or develop this technology for
> yourself and offer it to others.

> Have you done the analysis of the images yet? I quote the 
challenge
> again for your and the lists benefit.

> "Are you an expert? Have you done an analysis of the porn? What 
were
> your findings? Are there any hidden messages? Disclosures? 
Patterns?
> Trends?"

> The next target of a terrorist plot could be embedded in there 
somewhere
> just waiting for you to discover it.

What's your problem? Who cares about that?
A simple filter would do the job:

example 1:
mail contains attachment -> attachment is image (WE HAVE FILE
EXTENSIONS - GUYS) -> let mod approve it or delete them

How often do you send images to a security related list? Not often, 
i
guess.

example 2:
more than 10 mails per hour -> let mod approve it/ delay delivery

>> 
>> If implemented properly it would not limit the free exchange of 
SECURITY
>> RELATED information, but would limit the exchange of porn on FD. 
You
>> dont think a couple thousand security people, most of whom are 
strong
>> supporters of privacy rights/civil rights/etc couldnt devise a 
proper
>> system that would not impead the exchange of security related 
information?
>> Anyways what legal issues are you talking about, be specific. 
For one i
>> know that it is against nearly all American corporate internet 
use
>> policies to look at porn. So some 16 year old kid could 
potentialy get
>> someone fired for sending porn on FD. Hows that for a legal 
issue.

> If you are on a corporate network and subscribed to FD using 
corporate
> resources without the authority and justification to do so then 
you
> deserve to be terminated. It has nothing to do with porn and is 
just as
> likely to have the same effect for downloading copyrighted 
content,
> exploits, "dangerous material", viruses...

In my country it's absolutaly legit to check their own e-mails as
long as your work is not disturbed. Hint: Check mails while you 
take a
break. Btw. mails are treated as private so nobody cares what they
contain. Virii, trojans, spam, ... are usuallly filtered.

< removed other crap, nobody cares about >




Concerned about your privacy? Instantly send FREE secure email, no account 
required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Re: ICMP Destination Unreachable Port Unreachable
Next by Date: [Full-disclosure] [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting
Previous by thread: [Full-disclosure] [USN-335-1] heartbeat vulnerability
Next by thread: [Full-disclosure] [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search.php cross site scripting
Index(es):
- Date
- Thread