funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]
From: val smith <mvalsmith () gmail com>
Date: Wed, 28 Dec 2005 16:46:16 -0700
Just a note, all the log information is published on the site for all to see :) How about moving this conversation in a more positive direction if your're all willing? Can anyone make technical suggestions about how to make this process more secure? Manual vetting won't work, because as of right now I am only one person and I have to decide do i spend my time doing: - web development - malware analysis - or vetting 60,000 people I do not know? Personally I prefer the malware analysis choice. If there are some nifty technical solutions to ensuring the malware is only available to "qualified" (who makes that determination or how?) researchers Id love to hear them. For example E-Bay has an interesting feedback system to help buyers and sellers gain more confidence. Could something like that be implemented here ? (im not sure how) what other ideas are there ? I want to hear ways to make this better. "Stop doing it" doesn't qualify. But you are all smart people. help me improve this idea if you can. Incidentally Drsolly you say "its not my job to change your mind, its your job" However my opinion is that if you really care about this issue, and disagree with me, and you want me to stop, it IS your job to discuss with me what you want if you hope to acheive anything. Otherwise it can be viewed as simply trolling? V. On 12/28/05, Drsolly <drsollyp () drsolly com> wrote:
I can further give a metaphore that will say researchers anthrax is bad, for if there is no anthrax, having it is a risk b itselfHow about someone sets up a web site for people interested in anthrax, so that people can upload and download samples?contradiciting analogies can be given for days, and we all pick our favorite. Fact is it is not very easy for researchers to get data, and fact is that branding of people outside the inner circle as blackhats if they don't conform to what suits the inner circle best is wrong. Further, even if I do agree sharing of samples should be done securelyandin a vetted enviroment, today it is as ridiculous as telling people nottowatch porn.No, it's as ridiculous as telling people not to rob banks. Sure, some banks will still get robbed, but that doesn't make it right.So, being a moral example is great, but does it do any of us any good where it is proven things get on when you keep that stand while if yo changed it, maybe you could influence those you now call blackhats, and see they may even be... wow, good guys?With this web site, I don't see any attempt to determine who is blackhat and who isn't, let alone any attempt to influence the blackhats.Finally, this guy believes in it. He is going to do it. Help him or name him a blackhat, but helping him might get things "safe" while notkillinghis ideas all together.I am helping him. I'm explaining why it's ethically wrong to run an unvetted VX, and about the legal hot water he could find himself in.As an example, if some people in the AV industry HELPED the good peopleatClamAV who had o learn all by themselves without years of traditions, ideas and knowledge, instead of just critisizing, Clam would havegottemnwhere it is today a lot sooner, and even far further than that.I don't know about the ClamAV issue. What did they need to learn that they needed help for?My suggestion to this guy is do his thing, follow his conscience, andlethistory prove him right or wrong.You can't just say "let history prove". Because we'll never know how many blackhats got malware from his Virus Exchange and spread it around.It is harmful not to share openly. It is harmful not to keep high moral standards, but in this case, where did they come from?The moral standards in this case come from where they always come from - they come from your own understanding of right and wrong.Why was it initially BAD to share samples? Do these reasons still stand oday?It was intially bad for a number of reasons. 1) The easiest way to make a "new" virus, is to make a small modification to an old one such that current detectors no longer recognise it. 2) A lot of people, at the time (and maybe even now) were suggesting that the AV people were encouraging the spread of viruses (and maybe even writing new ones). A VX certainly does encourage the spread of viruses. 3) There are computer crime laws that make it illegal to distribute malicious software without the victim's consent. And there's "criminal negligence" laws that make it illegal to distribute something that you *know* can be used to cause harm, without any vetting of the recipient. It is, for example, illegal to sell knives, alcohol or tobacco to children - the vetting in that case is age-based. I don't think that any of those three reasons have changed. So, here's a question for anyone who is involved in maintaining an ftp (or other distribution method) of malware. Would you be willing to publish the access details and allow anyone at all to download from it? If not, why not? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!], (continued)
- heinlein, a fascist? HOW DARE YOU??!! [WAS: Malware sharing? People are full of shit] Gadi Evron (Dec 30)
- Re: heinlein, a fascist? HOW DARE YOU??!! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 30)
- Re: heinlein, a fascist? HOW DARE YOU??!! Paul Vixie (Dec 30)
- Re: heinlein, a fascist? HOW DARE YOU??!! [WAS: Malware sharing? People are full of shit] Pierre Vandevenne (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 28)
- RE: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Randy Abrams (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Gadi Evron (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 28)
- RE: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Randy Abrams (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Richard Cox (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Gadi Evron (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] John LaCour (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Nick FitzGerald (Dec 29)
- Re[2]: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Pierre Vandevenne (Dec 29)
- Re[2]: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 30)