[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: [FD] FD should block attachments

To: full-disclosure@xxxxxxxxxxxxxxxx, full-disclosure-admin@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Re: [FD] FD should block attachments
From: Bart.Lansing@xxxxxxxxx
Date: Mon, 5 Apr 2004 12:31:48 -0500

Paul,

It seems we are trading valid concerns...

One potential solution might be a common web-based repository (hosted by 
some kind soul who has the willingess and wherewhithal to do it...any 
reputable volunteers?) that could be used by all members to drop files, 
then point to them within the messages to the group via URL.  Of course 
that has the potential to be misused in a variety of ways and would have 
to be administered, and really, someone is still footing the bill.  I 
don't know that I would really liken the people sending files along to 
this group to spammers...but the analogy is useful in terms of making your 
point.

Bart Lansing
Manager, Desktop Services
Kohl's IT

Paul Schmehl <pauls@xxxxxxxxxxxx> 
Sent by: full-disclosure-admin@xxxxxxxxxxxxxxxx
04/05/2004 11:05 AM

To
full-disclosure@xxxxxxxxxxxxxxxx
cc

Subject
RE: [Full-Disclosure] Re: [FD] FD should block attachments

--On Monday, April 05, 2004 09:04:36 AM -0500 Bart.Lansing@xxxxxxxxx 
wrote:

>
> Paul,
>
> Just a thought here...as you're right, having some modicum of
> consideration for those who have cost issues with bandwidth (I'll 
content
> that we are not spoiled, and that we...ok...most of us...pay for the
> bandwidth we use...TANSTAFL).  However, you are assuming that anyone who
> wishes to potentially send a file along here can just as easily host
> one.  Not, I think, a valid assumption...and one which, for many...would
> cost money.  So, who gets to pay?  Either someone is paying to download,
> if they are on a  pay-as-you go model, or someone is going to pay to
> host...either way, it's not quite as simple as you've made it out to be.
>
You make an interesting point, and it has some validity.

What immediately came to my mind when I read that was the spammers.  They 
expect to shift the cost of what they do to the recipients.  Is that what 
should be the standard for security researchers as well?

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

CONFIDENTIALITY NOTICE: 
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of 
the contents of this message is expressly prohibited.
If you have received this transmission in error, please destroy it and notify 
us immediately at 262-703-7000.

CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the 
right to retrieve and read any message created, sent and received.  Kohl's 
reserves the right to monitor messages by authorized Kohl's Associates at any 
time
without any further consent.

References:
- RE: [Full-Disclosure] Re: [FD] FD should block attachments
  - From: Paul Schmehl

Prev by Date: Re: [Full-Disclosure] erase with magnet
Next by Date: [Full-Disclosure] Advisory: Multiple Vulnerabilities in Monit
Previous by thread: RE: [Full-Disclosure] Re: [FD] FD should block attachments
Next by thread: [Full-Disclosure] MCSE training question
Index(es):
- Date
- Thread