funsec mailing list archives

Re[6]: www.hexblog.com down?

From: Pierre Vandevenne <pierre () datarescue com>
Date: Thu, 5 Jan 2006 01:24:17 +0100

Good Day,

Thursday, January 5, 2006, 1:00:26 AM, you wrote:

SD> bad stuff DOES happen and therefor you MUST do something.  But too often

Well, it IS currently happening. Not as much as some say, but more
than the minimal estimate.

SD> Guilfanov's product should consider it for their organizations. Just
SD> because its free doesn't make it any worse (or better) than other security
SD> products you can buy.

Did I say that in any way?

But I can tell you one thing: if Ilfak had attempted to make money
with this fix, he wouldn't have a job here anymore. But knowing Ilfak,
the point is moot...

SD> That's different than saying use it or else something bad might happen.

Did I say that in any way? I said that, based on my best information
and knowledge, I felt that my company, DataRescue was at risk and I
did not like it. Do you disagree with my assessment on a detailed
technical basis, or are you just expressing an opinion?

You may think I am totally wrong here, but given the fact that my
company produces what is probably the most widely used malware
analysis tool available, I have the weakness to believe I can make a
somewhat informed choice in that matter. And I am not making that
choice for you, just for me.

The cost for a fix that suited my need was minimal (my programmer's
time). I believe, but that is just an opinion, that many organizations
have the programming resources to tackle similar problems in-house and
that they might want to consider that option for themselves.

A few years ago, I wrote this,

http://www.datarescue.com/life/palmtrojan.htm

in the midst of the first "Palm virus" media hysteria, because I
believed the palm trojan risk was close to zero. In that case, given
the best knowledge that was available to me at the time, I decided NOT
to do anything. Exercising my freedom to assess a situation. My
assessment of the current risk here was different.

-- 
Best regards,
 Pierre                            mailto:pierre () datarescue com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: Re[2]: www.hexblog.com down?, (continued)
- - - Re: Re[2]: www.hexblog.com down? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 03)
    - Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
    - Re: Re[2]: www.hexblog.com down? nodialtone (Jan 03)
    - Re[3]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
    - Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
    - Re[3]: www.hexblog.com down? Sean Donelan (Jan 04)
    - Re[4]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
    - Re[4]: www.hexblog.com down? Sean Donelan (Jan 04)
    - Re[5]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
    - Re[5]: www.hexblog.com down? Sean Donelan (Jan 04)
    - Re[6]: www.hexblog.com down? Pierre Vandevenne (Jan 04)
- Re: www.hexblog.com down? Pierre Vandevenne (Jan 03)
  - Re: www.hexblog.com down? Gadi Evron (Jan 03)
    - Re[2]: www.hexblog.com down? Pierre Vandevenne (Jan 03)
- Re: www.hexblog.com down? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 03)
- Re: Re[2]: www.hexblog.com down? Fergie (Jan 03)
- Re: www.hexblog.com down? Fergie (Jan 03)
  - Re: www.hexblog.com down? nodialtone (Jan 03)
    - RE: www.hexblog.com down? Gary Funck (Jan 03)
  - RE: www.hexblog.com down? Anthony Aykut (Jan 03)
    - RE: www.hexblog.com down? nodialtone (Jan 03)

(Thread continues...)