funsec mailing list archives

Re: funsec Digest, Vol 41, Issue 4


From: RandallM <randallm () fidmail com>
Date: Thu, 1 Jan 2009 23:21:01 -0600



------------------------------

Message: 4
Date: Thu, 1 Jan 2009 16:26:19 -0800 (PST)
From: Todd Parker <kitsune () sbcglobal net>
Subject: Re: [funsec] idea
To: funsec () linuxbox org
Message-ID: <125717.99715.qm () web83106 mail mud yahoo com>
Content-Type: text/plain; charset="iso-8859-1"

From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
From: RandallM <randallm () fidmail com>
Thought:
Why can't we, using the same type of process, provide access to programs
and or sites in the same manner so that the malware infections cannot "block"
because the sites are not permanent?

Additional thought:

Symantec is and always will be "www.symantec.com", as with other sites.

Low tech addition: How about collecting and publishing a list of helpful IP
addresses, so that even if the hosts file or DNS is messed with some help
might still be available?



Except that many sites, including Symantec, are inconsistent with their
usage of links within their site. In context, look at the source for this
company's front page, and find the link for downloads. FQDN instead of a
local reference. User is blocked again.

------------------------------


Grandpa Rob is correct. Why not? What we have to come together on is it's
not going to take a few but "MANY" of the "whiteHats" and AV companies to
work together. I hear over and over again, the bad guys are winning. I am no
one of importance but there are many on this list with the contacts to put
something together like this. From the responses I read many "see" the idea.



1. Are there no funds for Akamai? Subscriptions? Contributions?
2. Are there no voluntary companies or organizations to help in the
collecting and publishing of IPs?
3. Mike Preston made mention of "distributed directory with metadata?"
He also mentioned "fast-flux". I had a similar thought with this, just could
not put it together in my mind.

I don't know what the method is but there has to be one better than what we
have. It's easy to say "harden" but the user and OEMs don't do it now and
haven't. Besides, too much controversy with this and what the average user can
handle.

I am hoping that Ben Lie would jump in here and explain what he privately
sent me. But, I do understand his reluctance due to the same concept easily
used by malware authors. But his process seems to be viable and workable. I
though don't want to goof it up by sharing it and would hope he would. It
basically involves "content injection" from an unblockable source. I though
would like him to present it to the list or a few folks here to be tested by
those a lot smarter than me. But it looks very workable.



-- 
been great, thanks
Big R
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
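
The failure mode raised in this thread, as an added example that is not part of any poster's message: a check that compares a hosts file against a published name-to-IP list and then reports which absolute (FQDN) links on a page would still hit an overridden name. The published list, the hosts file, the page and every address are constructed samples (192.0.2.0/24 is a documentation range, not real vendor addresses), and the function names are hypothetical.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data; placeholder addresses from a documentation range.
PUBLISHED = {"www.symantec.com": "192.0.2.10", "downloads.example.net": "192.0.2.20"}
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.symantec.com      # constructed tampering entry
0.0.0.0     downloads.example.net
192.0.2.99  intranet.example.org
"""
SAMPLE_PAGE = ('<a href="/about">About</a> '
               '<a href="http://downloads.example.net/tool.exe">Downloads</a>')

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def tampered(hosts_text, published):
    """Published names whose hosts-file entry disagrees with the published IP."""
    local = parse_hosts(hosts_text)
    return {n: local[n] for n in published if n in local and local[n] != published[n]}

class _LinkHosts(HTMLParser):
    """Collect the hostnames of absolute href/src URLs; relative links have none."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            host = urlparse(value).hostname if key in ("href", "src") and value else None
            if host:
                self.hosts.add(host.lower())

def blocked_absolute_links(html, hosts_text, published):
    """Hosts named in absolute links that the hosts file still overrides."""
    parser = _LinkHosts()
    parser.feed(html)
    return sorted(parser.hosts & set(tampered(hosts_text, published)))
```

On the sample data the relative `/about` link is unaffected, while the FQDN download link resolves through the overridden entry even if the front page itself was reached by IP address.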
