Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

[val smith <mvalsmith () gmail com>]

So how would one scientifically measure the impact? Maybe watch
incidents.org for rises in reports after I post something? Other ideas?
Maybe try to correlate malware spewing IP's with downloads?

An automated vetting system is somewhat interesting. I wonder however if it
can't be defeated easitly. Id like to hear more on this. What happens to
people like many of my contributers who aren't affiliated with any kind of
organization, and yet willing to contribute postive work? Do they just have
to go back underground again? Or how does that work? How do I reach the
widest possible audience, and inspire new people to contribute without
allowing "blackhats" to access it?

Ps. Drsolly,

> No. All I need to do, is tell you my views and tell you the downsides.
> There's absolutely no point in me repeating that.

definilty no need to repeat yourself, I think you've done it enough already
:)

Anything new you have to say however is read with interest.

V.
On 12/28/05, Randy Abrams <abrams () eset com> wrote:
> > -----Original Message-----
> > From: Gadi Evron [mailto:ge () linuxbox org]
> > Sent: Wednesday, December 28, 2005 3:31 PM
> > To: Drsolly
> > Cc: Randy Abrams; funsec () linuxbox org; 'Blue Boar'
> > Subject: RE: [funsec] Re: Malware sharing? People are full of
> > shit [was: Getyour computer viruses here!]
> >
> >
> > > I am helping him. I'm explaining why it's ethically wrong to run an
> > > unvetted VX, and about the legal hot water he could find himself in.
> >
> > You are indeed investing time and effort to educate. You are
> > however only critisizing, even if in a good manner. You are
> > not actively helping him.
>
> How can you say that. Add vetting to the site is a specific, constructive
> suggestion. If I think of another way to vet people without vetting them
> I'll add it and I'm sure Solly will too, but that's the point that needs
> to
> be addressed.
>
>
> > What we argue is the enviroment changing, not if it's right
> > or wrong in theory.
>
> Fine, but that doesn't prove that offering every blackhat in the world a
> centralized repository is a good thing. Why not just have all of the AV
> companies post each sample on their web site? I doubt that most of the
> people you want to protect would appreciate that.
>
> > In theory, MALWARE IS WRONG PERIOD. In practicality, it's
> > good if you study it to combat it.
>
> No, the malware is not good. Doing something to combat it is good, but the
> malware is still bad and posting it publicly is unlikely to help. To add
> to
> that there has been absolutely zero discussion about even trying to
> measure
> the impact. In other words the argument is to put it out there in order to
> help in a manner known to cause problems without any hope of proving that
> it
> does any more good than harm. A completely unscientific exercise in erring
> on the side on recklessness.
>
> > Today's enviroment made it impossible for the good guys to
> > get help or help themselves, while the bad guys rule the world.
>
> Yeah, damn it I hate having to ask permission to go to sleep. Ever since
> the
> bad guys started ruling the world I've had to raise my hand to go
> potty....
> Bravo, nice melodramatics.
>
> Hint.. Good guys often get code from the same places bad guys do. That
> doesn't mean good guys have to post to places that bad guys can access.
>
> > So yeah, I'll say run an open VX, and let everybody use it 0
> > 0 but make sure researchers can reach it as well as just the
> > bad guys with their resources.
>
> That's an idea that's been around for ages. Why do we need another one of
> those?
>
> Cheers,
>
> Randy
>
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.