Full Disclosure mailing list archives
RE: RE: Symantec wants to criminalize security info sharing
From: "Dowling, Gabrielle" <dowlingg () sullcrom com>
Date: Thu, 11 Sep 2003 21:37:59 -0400
Jason --- I can't see that your argument holds water in the least. Yup, you know, almost everyone who works in my IS department believes that AV companie release viruses just so they can trap them. That's just silly. They don't have to, so why would they do something so stupid? They have also come out as a whole to decry the University of Calgary's proposed course on virus writing (and rightfully so -- all you will learn about how viruses function by writing is how your particular virus works), and stated that they will not even hire graduates of the course. To take it a step further, whomever yanked the public exploit code that was the core of Blaster and turned it into a worm didn't seem to know much about coding, and they certainly didn't need AV company's help, just Packstorm's. But, back to the insider trading / stock price question. Most public companies do not have to report business impact to do a major virus incursion, except for some new law for e-commerce sites, and that may be in California only. I don't think the finance sector is yet affected by these laws, but I'm not sufficently familiar with Sarbanes-Oxley to be certain of that. It was a bugbear variant that tried to capture data from financial institutions, and afaik know it was completely unsuccessful in doing so because, hmm, they all block exe's inbound via mail, so, hmmm, all it did was capture popular attention. Now, for stock market prices, if there is such a trend (but you really can't say there's such a trend unless you've controlled for a lot of other factors), are you sure you can't chalk it up simply to media attention and the emotional factor that continues to drive the market, even on highly paid analyst's end? I really think we would all be better off not focusing on this supposed av company malfeasance and rather focus on what security vendors could best offer us. It strikes me that av is rather straightforward, but the rest of the industry offerings are vastly more problematic. I wonder still why ISS contiues to have a "Melissa virus" sig, rated high, that simply checks for "Important information for...." in the subject line of a message. 3 years ago that was probably helpful, not so now. Best, Gaby -----Original Message----- From: Jason Coombs [mailto:jasonc () science org] Sent: Thursday, September 11, 2003 8:03 PM To: l8km7gr02 () sneakemail com Cc: Full-Disclosure@Lists. Netsys. Com Subject: RE: [Full-disclosure] RE: Symantec wants to criminalize security info sharing Aloha, Cory.
Historically, have worms/malware visibly affected the US stock market?
First let me say that the answer is an empirical "yes" to your question. I've personally watched worms and malware affect U.S. stock prices. Look at a recent stock chart of SYMC -- there are lots of reasons to explain the recent rise to all-time-highs. They were added to the S&P 500 in April, the U.S. markets have just staged one of the great short-term rises in history, etc. However, when you plot a detailed overlay of malware events with specific minute-by-minute charts of each day's trading, something that you probably don't have the data available to do easily, and compare it to news wires and a timeline showing people's actions in the industry, press, etc. what you see is that particular financial instruments, such as near-expiration stock options, move dramatically. These moves are obviously predictable for those in-the-know... What isn't as easy to assemble, but that I've witnessed personally and have some evidence to substantiate, is the relationship between comments made by the executives of Symantec and specific features of subsequent malware. For instance, at the beginning of June a bit of malware was released that targeted financial services companies... I think it was one of the SoBig viruses, but I'd have to go back to my notes to confirm... Inside the virus was code that would attempt to determine if it had infected a computer that belongs to a hard-coded list of financial services companies, and if so then bad things would happen such as gathering passwords and account numbers with the appearance that this pilfered data would supposedly make it back to the malware author ... the likelihood of that actually happening is so small as to be absurd, and authorities would capture the malware author if there really was any direct communication between the person and the infected hosts at financial services companies -- just as certainly as Blaster.B (Lovesan) variant author Jeffrey Lee Parson's insertion of code to contact his own Web site led to his capture recently. What nearly everyone missed was the fact that a Symantec executive (as I recall it was the CEO during an investor presentation during May) had only days prior lamented the fact that Symantec didn't have enough market penetration into financial services companies... Now, I'm not suggesting there is a direct conspiracy between Symantec executives and malware authors. I'm stating that there is in fact, and in provable fact, a direct link between these people -- the free market, the press, and SEC-mandates for equal access to information that could impact the public's analysis of the company as an investment. It can be seen in the sequence of events just described and it can be surmised, without being ridiculous, that professional malware authors would take advantage of their ability to impact stock prices in order to make money. When better evidence emerges that is non-circumstantial, you can be sure that we'll all see it. Until then, if any Symantec executive really calls for criminalization of full disclosure, I've got the ability to assemble a detailed report showing item after item of circumstantial evidence that may be enough to justify an SEC investigation. I hope that it's never necessary for me to write this report. I also hope that if any such investigation does occur at any time in the future, that we don't find out that we've been deceived by people who have a fiduciary duty to be trustworthy -- that's happening in other places, but it should not be tolerated by any member of the infosec community. One thing is certain: the potential exists for malware authors to manipulate the stock market. And where there is potential for penetrations or abuses, they often do in fact occur. In my opinion, Symantec should consider going private in order to remove this potential for financial reward of malware authors. Sincerely, Jason Coombs jasonc () science org -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of l8km7gr02 () sneakemail com Sent: Thursday, September 11, 2003 12:25 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] RE: Symantec wants to criminalize security info sharing Mr. Coombs, I find your ideas intriguing and wish to subscribe to your newsletter. Seriously though, you make some fairly serious accusations -- do you have anything with which to back them up? I'm not trying to be adversarial, I just think it would make for some very interesting reading. Historically, have worms/malware visibly affected the US stock market? Personally, I think that any move to restrict discourse (by Symantec or others) without air-tight justification should be met with extreme skepticism (and subsequent retaliation) by the public. I very much look forward to hearing how Symantec spins the announcement over the next few days. If it's true and Schwarz meant exactly how Wired represented him, I'm still not convinced his motivations are (directly) dollar-based. It's all part of the same Branding movement, started in the early '90s. It wouldn't be unheard-of for Symantec to wish to trandscend its relatively modest position in the AV world and make themselves out to be *the* resource for security and recovery tools and information. That doesn't mean it's right, of course -- it just wouldn't be unexpected. take care, Cory _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ********************************************************************** This e-mail is sent by a law firm and contains information that may be privileged and confidential. If you are not the intended recipient, please delete the e-mail and notify us immediately. *********************************************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: RE: Symantec wants to criminalize security info sharing Dowling, Gabrielle (Sep 11)