Discussion:
GWAVA Sender Notification (Content filter)
(too old to reply)
James Tucker
2005-05-10 01:32:41 UTC
Permalink
Surely this kind of message is a really bad idea.

What is the possible true business value of such a filter?

What is the potential impact upon security to disclose the information
that this mail does?

What is the cost of deployment of this system against the costs
related to it's potential, and actual effects?

As novell say "cool" solutions. What a wonderful business term.
I think I might use the word "cool" in my next board meeting.

---------- Forwarded message ----------
From: gwava-***@ird.govt.nz <gwava-***@ird.govt.nz>
Date: May 10, 2005 2:26 AM
Subject: GWAVA Sender Notification (Content filter)
To: undisclosed-recipients





A message sent by you was blocked by GWAVA - Content protection for
Novell GroupWise.

The message was blocked for the following reason(s):

Content filter

The message contained the following information:


Subject:Re: [Full-disclosure] PWCK Overflow POC Code Redhat/Suse older
versions or something (maybe later too)
From:"***@gmail.com".INTERNET.IRDOM
Recipient(s): [No To Addresses]
[No Cc Addresses]
JBM1.clhpo.IRDOM_Addresses

The following information details the events that prevented delivery
of this message:


EventDetails
Content filtered

Content within this message was disallowed.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
V***@vt.edu
2005-05-10 03:44:09 UTC
Permalink
Post by James Tucker
Surely this kind of message is a really bad idea.
You know it, I know it, and the A/V vendors know it.
Post by James Tucker
What is the possible true business value of such a filter?
The true business value is for the A/V vendor, who can blat out a
free spam to the forged MAIL FROM: address (which is probably scraped off
a disk by the worm/virus and therefor likely an actual address.

In this case, the bozos at GWAVA can spam you about finding something they
didn't consider acceptable.
Post by James Tucker
What is the potential impact upon security to disclose the information
that this mail does?
It demonstrates that the site running it is lame enough to still be running
A/V software that spams people.
Post by James Tucker
What is the cost of deployment of this system against the costs
related to it's potential, and actual effects?
The GWAVA people don't care. They've been paid for the product already, and
they're not the ones paying for the bandwidth.

Remember - you're talking here about a market segment *founded* on the business
model that *partially* patching some other vendor's broken software will lead
to a permanent gravy train. Once you've wrapped your brain around the morals
and ethics of that business model, it's obviously a very tiny step to spamming
other people about the wonders of the product.
James Tucker
2005-05-10 09:11:56 UTC
Permalink
marketing is a "wonderful" thing.
Post by V***@vt.edu
Post by James Tucker
Surely this kind of message is a really bad idea.
You know it, I know it, and the A/V vendors know it.
Post by James Tucker
What is the possible true business value of such a filter?
The true business value is for the A/V vendor, who can blat out a
free spam to the forged MAIL FROM: address (which is probably scraped off
a disk by the worm/virus and therefor likely an actual address.
In this case, the bozos at GWAVA can spam you about finding something they
didn't consider acceptable.
Post by James Tucker
What is the potential impact upon security to disclose the information
that this mail does?
It demonstrates that the site running it is lame enough to still be running
A/V software that spams people.
Post by James Tucker
What is the cost of deployment of this system against the costs
related to it's potential, and actual effects?
The GWAVA people don't care. They've been paid for the product already, and
they're not the ones paying for the bandwidth.
Remember - you're talking here about a market segment *founded* on the business
model that *partially* patching some other vendor's broken software will lead
to a permanent gravy train. Once you've wrapped your brain around the morals
and ethics of that business model, it's obviously a very tiny step to spamming
other people about the wonders of the product.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Loading...