funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]
From: John LaCour <johnlacour () gmail com>
Date: Wed, 28 Dec 2005 16:43:32 -0800
On 12/28/05, val smith <mvalsmith () gmail com> wrote:
Can anyone make technical suggestions about how to make this process more secure?
I. Have users authenticate themselves to the website after first registering via email.
   A. Optionally, new users can only get credentials after being nominated by two existing members
      1. Optionally, seed the first users with well known AV vendor people
II. Only post samples that are detected by at least one major AV vendor; send undetected samples to legit AV vendors (this will discourage people from writing new stuff and uploading it)
III. Remove samples after a period of time. Most legit analysis only need be done for a period of time shortly after discovery
IV. Don't provide access to file infectors. These are relatively rare and easy to mishandle
V. Don't provide any source of any kind
VI. Limit the amount of stuff that someone can download so that they can't leech the site
VII. Encrypt samples in storage and unencrypt (or provide the key) on the fly when the file is requested. This should raise the bar should your server itself be compromised.
VIII. Freely provide as much information as possible about the sample so that users may use that information and don't need to get the sample itself. e.g. filenames used, bot C&Cs, URLs it requests, MD5 / SHA-1 hashes, CLAM sig, etc.

I'm sure there's more, but that's off the top of my head...

-John
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
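
An added example, not part of the original post or the list archive: Python code showing how a sample repository could enforce suggestions II, III and VI on download requests while always serving the metadata from VIII. The class and function names, the 90-day retention and the 5-per-day quota are assumptions; the post gives no values.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RETENTION = timedelta(days=90)  # assumed value; the post names no period
DAILY_QUOTA = 5                 # assumed value; the post names no limit

@dataclass
class Sample:
    data: bytes
    added: datetime
    av_detections: list         # names of AV engines that flag the sample
    filenames: list = field(default_factory=list)

    def metadata(self):
        # Item VIII: shared freely so the file itself is rarely needed
        return {
            "md5": hashlib.md5(self.data).hexdigest(),
            "sha1": hashlib.sha1(self.data).hexdigest(),
            "size": len(self.data),
            "filenames": self.filenames,
            "detected_by": self.av_detections,
        }

class DownloadGate:
    def __init__(self):
        self.downloads = {}     # (user, date) -> downloads granted that day

    def check(self, user, sample, now):
        """Return (allowed, reason) for one download request."""
        if not sample.av_detections:
            return False, "undetected: forward to AV vendors"  # item II
        if now - sample.added > RETENTION:
            return False, "expired"                             # item III
        key = (user, now.date())
        if self.downloads.get(key, 0) >= DAILY_QUOTA:
            return False, "quota exceeded"                      # item VI
        self.downloads[key] = self.downloads.get(key, 0) + 1
        return True, "ok"

def demo():
    # Constructed placeholder bytes and engine name, not a real sample
    s = Sample(b"constructed placeholder", datetime(2005, 12, 28), ["ExampleAV"])
    gate = DownloadGate()
    now = datetime(2005, 12, 29)
    return [gate.check("alice", s, now)[1] for _ in range(DAILY_QUOTA + 1)]
```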