funsec mailing list archives
Re: funsec Digest, Vol 41, Issue 4
From: RandallM <randallm () fidmail com>
Date: Thu, 1 Jan 2009 23:21:01 -0600
------------------------------ Message: 4 Date: Thu, 1 Jan 2009 16:26:19 -0800 (PST) From: Todd Parker <kitsune () sbcglobal net> Subject: Re: [funsec] idea To: funsec () linuxbox org Message-ID: <125717.99715.qm () web83106 mail mud yahoo com> Content-Type: text/plain; charset="iso-8859-1" From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca> From:? ? ? ? ? ??? RandallM <randallm () fidmail com>Thought: Why can't we using the same type of process provide access to programsandor sites in the same manor so that the malware infections cannot "block" because the sites are not permanant?Additional thought:Symantec is and always will be "www.symantec.com", as with other sites.Low tech addition: How about collecting and publishing a list of helpfulIPaddresses, so that even if the hosts file or DNS is messed with some helpmightstill be available?Except that many sites, including Symantic are inconsistent with their usage of links within their site. In context, look at the source for this company's front page, and find the link for downloads. FQDN instead of a local reference. User is blocked again. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://linuxbox.org/pipermail/funsec/attachments/20090101/ebf4a462/attachment-0001.htm ------------------------------
Grandpa Rob is correct. Why not? What we have to come together on is it's not going to take a few but "MANY" of the "whiteHats" and AV companies to work together. I hear over and over again, the bad guys are winning. I am no one of importance but there are many on this list with the contacts to put something together like this. From the responces I read many "see" the idea. 1. Is there no funds for Akamai? Subscriptions? Contributions? 2. Are there no voluntary company's or organization to help in the collecting and publishing of IP's? 3. Mike Preston made mention of "distributed directory with metadata? He also mentioned "fast-flux". I had a similar thought with this just could not put it together in my mind. I don't know what the method is but there has to be one better then what we have. It's easy to say "harden" but the user and OEM''s don't do it now and haven't. Besides to much controversy with this and what the average user can handle. I am hoping that Ben Lie would jump in here and explain what he privately sent me. But, I do understand his reluctance due to the same concept easily used by malware authors. But his process seems to be viable and workable. I though don't want to goof it up by sharing it and would hope he would. It basically involves "content injection" from an unblocable source. I though would like him to present it to the list or a few folks here to be tested by those a lot smarter then me. But it looks very workable. -- been great, thanks Big R
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: funsec Digest, Vol 41, Issue 4 RandallM (Jan 01)