[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.
Brad Knowles
brad at stop.mail-abuse.org
Sat Jan 29 19:41:23 CET 2005
At 8:50 AM -0800 2005-01-29, JC Dill wrote:
> Didn't I say that above?
Not that I saw, no. What I read of your message indicated that
the virus had infected a normal user and pulled a message out of
their sent folder, which would not have had the Approved: header.
>> Even then, most moderators work via the web and not via e-mail, so
>> this would be a very low probability of success.
>
> Most moderators use the web to approve email from *others*, but most
> of the ones I know who are responsible for originating content for
> their list use the approved header when they send the content to their
> list so that they don't have to take an additional step of going to
> the webpage to approve the message they just sent.
Most moderators I know of don't need to use the Approved: header,
because they themselves are not moderated on their own lists. But
then maybe you know more moderators than I do.
> If it hasn't happened yet, then "yet" is the critical factor. It's
> going to happen someday...
True enough.
I still think it's a lot of work for a virus to go through, but
when they do finally run into a moderator that uses this technique,
there is a high chance of successful transmission to a large number
of other targets.
I guess the question is when does the probability go up enough
that the payoff justifies the amount of input work?
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list