Re: Get your computer viruses here!

[val smith <mvalsmith () gmail com>]

Wow I'm surprised you gave up on me so quickly if you feel so strongly about
the issue! Especially because you WERE having an effect. I was listening and
thinking about what your saying. In formal debate thats usually a big first
step.

I'd really like to meet this McNasty person, he sounds like quite a guy.

Ill say again, you might as well send google the same emails you are sending
me since Mr. McNasty (related to mcdonald maybe?) can do the same thing with
google.

Perhaps mr McNasty after seeing the great collaborative community that is
forming on OC would get inspired to give up his life of evil and start
helping out to improve security? If not at least I've done what I could to
influence him in a postive way.

> I'd be really quite surprised, given your intention to run a malware
> exchange open to anyone who wants to use it, if you'll get much in the way
> of contributions.

I'm actually getting lots of contributions and feedback from some of the
people I respect most in the security community. Looks like the OC community
is growing in a positive way in spite of its evil possibilities. Ill be
honest I've gotten around 50 - 60 thousand hits, and tons of email and yours
has been the only negative one so far. Maybe the others who feel as you do
have given up already as well?

I guess what you haven't convinced me of yet is how "malware" is any
different from any other object in existance which can be used for both good
or evil. I could stand on the corner selling rocks which people could use to
study or to bash someone over the head with. How is that much different?

Just to be clear, in no way am I trying to "flame" you. I really do want a
diversity of ideas and opinions but I like to keep a bit of humor in any
debate. So please keep the thoughts coming, I'm greatly enjoying the
discussion.

V.


On 12/28/05, Drsolly <drsollyp () drsolly com> wrote:
> On Tue, 27 Dec 2005, val smith wrote:
>
> > Hi there, thanks for the interest in my site.
> >
> > (Drsolly I was sad to not recieve any more replies from you, I had hoped
> to
> > keep dialogue open:( )
>
> You seemed to have already made up your mind, and I wasn't having any
> effect by talking to you.
>
> > I pretty much agree with what Gadi stated and definitly the intention of
> the
> > site is white-hat. A simple google search will satisfy most peoples
> > blackhat/vx needs much better than my site ever could.
> >
> > If you login and look around you will see a few things:
> >
> > 1.) It requires a login to access samples and the way its configured
> they
> > cant be downloaded automatically from worms, etc. (if someone finds a
> bug in
> > this let me know, ill fix it)
>
> But Blackhat McNasty can create a login, and download everything he wants.
>
> > 2.) Accesses are logged (limited usefulness) but its simple for me to
> turn
> > accounts / IP's off if I see a problem.
>
> But Blackhat McNasty downloading a bunch of malware won't be seen by you
> as a problem - why should it? You're under the impression that
> distributing malware is equivalent to free speech.
>
> > 3.) You'll see the focus is on analysis, identification and signatures
> > rather than simply a malware distribution site
>
> Blackhat McNasty doesn't care what your focus is, all he wants it to
> download the malware that you're kindly providing
>
> > 4.) I think im providing some useful services out there. I submit copies
> of
> > my samples/analysis to the A/V companies and others like ISC
>
> Blackhat McNasty doesn't care what other services you provide.
>
> > 5.) I've begun converstations with other projects to see how we can
> > collaborate (mwcollect, nepenthes, etc.)
>
> Blackhat McNasty doesn't care who you're getting samples from, but other
> projects might be concerned about who you're distributing them to. I hope
> you're telling them your policy on redistributing malware?
>
> > 6.) I don't develop malware (unless you count exploits as malware but I
> dont
> > distribute these here)
>
> Blackhat McNasty doesn't care whatty doesn't care who wrote them, he's
> just happy that he can get them from you.
>
> The big thing missing here is any attempt to determine whether Blackhat
> McNasty is likely to use the malware that you provide him with, for
> malicious purposes.
>
> > Thankfully the country I am in still allows free speech and this thing
> isn't
> > illegal according to my research and the opinion of lawyers I have
> spoken
> > with.
>
> Speech is free here too, but that doesn't entitle me to whack someone over
> the head and call it "speech". Nor does it entitle you to provide a
> malicious person with the weapons to cause destruction on other people's
> computers, unless you live in a country which doesn't have computer misuse
> laws. You don't mention what country you're in, so I can't say. You have a
> moral and legal obligation to determine whether Blackhat McNasty is likely
> to act maliciously with the malware you provide him with. You're not
> meeting that obligation.
>
> > Gadi its true we dont know each other, however I think we have some
> friends
> > in common. I'd look forward to buying you a beer in Vegas this summer :)
> >
> > Anyway I look forward to hearing more opinions, input and suggestions.
> > (contributions hopefully?)
>
> I'd be really quite surprised, given your intention to run a malware
> exchange open to anyone who wants to use it, if you'll get much in the way
> of contributions.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.