WebApp Sec mailing list archives

Administrivia: Faulty censorware and faulty anti-virus software


From: Andrew van der Stock <vanderaj () greebo net>
Date: Thu, 19 Jan 2006 18:56:31 +1100

Hi there,

If your site is running censorware, extremely poor anti-spam, or badly configured anti-virus software, you will be removed from the webappsec mail list without any warning. In the past few days, I've received bounces to the mail list address which should never exist:

a) A possible CSRF attack site masquerading as a support ticketing gateway

b) Someone in Brazil with crap anti-spam software requiring us to click a link. No thanks, buddy.

c) In the last day or two, some site from Uruguay running censorware which is banning all our posts... but telling the mail list instead of the poor sap behind the censorware gateway. If I was the poor sap, I'd take the thought police out the back and introduce them to my nice shiny rubber hose and copies of the Yellow pages.

d) and lastly, a beautifully formatted ... something ... written entirely in Korean which I cannot decipher

The rules for SMTP gateway configuration are simple:

* SMTP software acting on your behalf should send reports to you or your site's thought police, no one else
* Do not allow mail software to e-mail this or any other list

We have a lot of subscribers, and there's absolutely no reason for all of us to be affected by your site's decision to run appalling, badly written, badly configured "software".

Andrew

ps. In some good news, we were not too heavily afflicted by vacation messages during the busy Lemon Cup Cake Holiday season. Thank you for that. :)
