funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]
From: Gadi Evron <gadie () infragard org il>
Date: Thu, 29 Dec 2005 17:52:39 +0200
John LaCour wrote:
On 12/28/05, val smith <mvalsmith () gmail com> wrote:Can anyone make technical suggestions about how to make this process more secure?I. Have users authenticate themselves to the website after first registering via email. A Optionally, New users can only get credentials after being nomimated by two existing members 1. Optionally, Seed the first users with well known AV vendor people II. Only post samples that are detected by at least one major AV vendor; send undetected samples to legit AV vendors (this will discourage people from writing new stuff and uploading it) III. Remove samples after a period of time. Most legit analysis only need be done for a period of time shortly after discovery IV. Don't provide access to file infectors. These are relatively rare and easy to mishandle V. Don't provide any source of any kind VI. Limit the amount of stuff that someone can download so that they can't leech the site VII. Encrypt samples in storage and unencrypt (or provide the key) on the fly when the file is requested. This should raise the bar should your server itself be compromised. VIII. Freely provide as much information as possible about the sample so that users may use that information and don't need to get the sample itself. e.g. filenames used, bot C&Cs, URLs it requests, MD5 / SHA-1 hashes, CLAM sig, etc. I'm sure there's more, but that's a off the top of my head...
Sound vetting suggestions.. which make the point moot. He needs to open up to thousands of researchers, how does he do that? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!], (continued)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 28)
- RE: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Randy Abrams (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Gadi Evron (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 28)
- RE: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Randy Abrams (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Richard Cox (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Gadi Evron (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] John LaCour (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Nick FitzGerald (Dec 29)
- Re[2]: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Pierre Vandevenne (Dec 29)
- Re[2]: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] val smith (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Nick FitzGerald (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Gadi Evron (Dec 30)
- Re: Get your computer viruses here! Drsolly (Dec 27)