[Dshield] vunerability windows

allan.malig@equitablepcib.com allan.malig at equitablepcib.com
Tue Feb 10 01:15:36 GMT 2004

Interesting.   BTW, is it true that SETI has a project before that uses 
the CPU resources of an online computer (with permission  of course) when 
it's on screen saver mode?  If ever this is true, wonder how do you set it 
to pass through  a firewall :-) 


Andy Streule <andy.streule at lythamhigh.lancs.sch.uk>
Sent by: list-bounces at dshield.org
02/09/2004 06:32 PM
Please respond to General DShield Discussion List

        To:     "'General DShield Discussion List'" <list at dshield.org>
        Subject:        RE: [Dshield] vunerability windows

that thing that i read somewhere that aol was testing. erm. like an
extension to smtp.
that supposed to check where email is from before accepting it.  Seems 
that would put a spanner in the
workings of a lot of viruses.

one of these days, i expect to see a virus that not only leeches everyones
bandwidth but steals computer power.
like distributed processing. mmmmmm. 1 million pcs parallel processing.
although i cant think of a good reason why criminals or spammers for that
matter would want/need that much processing power. It sounds like a good
plot for a movie. "Mad scientist solves the secrets of the ???? b4 
with his 1 million parrallel processing pcs assembled using a worm virus"

infact a movie about identity theft thru computer infection would probably
be a good way of getting the message across seeing as nothing else seems 
be working.


-----Original Message-----
From: Erwin Van de Velde [mailto:erwin.vandevelde at ua.ac.be]
Sent: 06 February 2004 18:20
To: General DShield Discussion List
Subject: Re: [Dshield] vunerability windows

On Friday 06 February 2004 18:00, Chuck Lewis wrote:
> Erwin,
> I agree with what you say, but that last paragraph, will true, gets
> These more recent virus offerings have gotten very good at masking
> themselves to normal users. If these users are used to getting emails 
> workers or friends that contain attachments, when a virus reads ones
> address list and fires these off, it is, unfortunately, more challenging
> for these users. That is, as had been stated, this stuff needs to be
> trapped at the email server and never even get to our users :-)

Blocking at the server is all very nice of course, but it gets a lot 
when the virus resides in compressed files like ZIPs. You can't block all
compressed files at the server, as there can be legitimate ones too...

Why not sign attachments? If this would be possible (later possibly even
required) in Outlook (Express) and other mail clients, like now already
default in kmail possible, this could do the trick when eventually all
unsigned mails with attachments could be dropped on the server.
Of course the user needs to memorize yet another password, as we can't 

him to save it in his favorite mail client :-)
In the beginning, there could be a lot of complaining by the 'normal' 

but in the end, it would make things a lot easier for all of us...

And signing could stop phishing attempts too...

Erwin Van de Velde
Student of Univeristy of Antwerp,

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

This e-mail is confidential and privileged.  If you are not the intended
recipient do not disclose, copy or distribute information in this e-mail
or take any action in reliance on its content.

This email has been checked for known viruses.

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


This correspondence, including attachments, replies, CC (carbon copy) , 
BCC (blind carbon copy)  and forward copies are confidential and/or 
privileged information and intended solely for viewing by the 
addressee(s).    Please ensure that reproductions of this correspondence 
are kept in a secured area..
If you are NOT a named addressee, or if you received this correspondence 
by mistake, please notify sender immediately and delete all copies of the 
correspondence and associated files.   Any unauthorized copying, 
disclosure, distribution or  possession of the material in this 
correspondence in any format  is strictly forbidden and is subject to 
penalties or sanctions as provided for by the Bank's Code of Conduct or by 
applicable laws of the Republic of the Philippines.

More information about the list mailing list