funsec mailing list archives

Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]


From: Drsolly <drsollyp () drsolly com>
Date: Thu, 29 Dec 2005 00:08:54 +0000 (GMT)

On Wed, 28 Dec 2005, val smith wrote:

Just a note, all the log information is published on the site for all to see
:)

How about moving this conversation in a more positive direction if you're
all willing?

Can anyone make technical suggestions about how to make this process more
secure? Manual vetting won't work, because as of right now I am only one
person and I have to decide
do I spend my time doing:

- web development
- malware analysis
- or vetting 60,000 people I do not know?

So, use an automated vetting system. You start off by choosing to trust, 
say, a dozen people, then you build a chain of trust from there. You don't 
allow anonymous joining, people have to give some serious identification 
information (you can't have a chain of trust without that), and need to 
give N references of people already on the trust list.
 
Personally I prefer the malware analysis choice.

If there are some nifty technical solutions to ensuring the malware is only
available to "qualified" (who makes that determination or how?) researchers
I'd love to hear them. For example E-Bay has an interesting feedback system
to help buyers and sellers gain more confidence. Could something like that
be implemented here? (I'm not sure how) What other ideas are there?

I want to hear ways to make this better. "Stop doing it" doesn't qualify.

Actually, that works very well, plus it frees up more of your time to do 
what you want to do - malware analysis.

Incidentally Drsolly you say "it's not my job to change your mind, it's your
job"

However my opinion is that if you really care about this issue, and disagree
with me, and you want me to stop, it IS your job to discuss with me what you
want if you hope to achieve anything. Otherwise it can be viewed as simply
trolling?

No. All I need to do, is tell you my views and tell you the downsides. 
There's absolutely no point in me repeating that. 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
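
The automated vetting rule suggested in the reply above (a seed set of trusted people, mandatory identification, N references from people already on the trust list), sketched as an added example that is not part of the original message. The names, the `Applicant` type, the `admit` function and the choice of N=2 are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Applicant:
    name: str
    identity_verified: bool                         # identification information was supplied and checked
    references: set = field(default_factory=set)    # members the applicant names as referees

def admit(seeds, applicants, n_refs):
    """Apply the chain-of-trust rule until no further applicant qualifies.

    An applicant joins only if identified AND vouched for by at least
    n_refs distinct members already on the trust list. A self-reference
    never counts. Returns (trusted_names, {rejected_name: reason}).
    """
    trusted = set(seeds)
    pending = {a.name: a for a in applicants if a.name not in trusted}
    progress = True
    while progress:                     # fixed point: new members can vouch for later ones
        progress = False
        for name, a in list(pending.items()):
            vouchers = (a.references & trusted) - {name}
            if a.identity_verified and len(vouchers) >= n_refs:
                trusted.add(name)
                del pending[name]
                progress = True
    reasons = {}
    for name, a in pending.items():
        if not a.identity_verified:
            reasons[name] = "no identification"
        else:
            count = len((a.references & trusted) - {name})
            reasons[name] = f"{count} of {n_refs} trusted references"
    return trusted, reasons

# Constructed sample data (hypothetical names).
SEEDS = {"seed1", "seed2", "seed3"}
APPLICANTS = [
    Applicant("bob", True, {"alice", "seed3"}),      # depends on alice being admitted first
    Applicant("alice", True, {"seed1", "seed2"}),
    Applicant("carol", False, {"seed1", "seed2"}),   # anonymous: refused despite references
    Applicant("dave", True, {"erin", "seed1"}),      # dave and erin vouch for each other
    Applicant("erin", True, {"dave", "seed1"}),
    Applicant("mallory", True, {"mallory", "seed1"}),  # self-reference
]

if __name__ == "__main__":
    trusted, rejected = admit(SEEDS, APPLICANTS, n_refs=2)
    print(sorted(trusted))
    print(rejected)
```

The dave/erin pair shows why references must come from people already on the list: two unknown applicants vouching for each other never bootstrap themselves in.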

