Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

[Gadi Evron <gadie () infragard org il>]

John LaCour wrote:
> On 12/28/05, val smith <mvalsmith () gmail com> wrote:
>
>
> > Can anyone make technical suggestions about how to make this process more
> > secure?
>
>
> I. Have users authenticate themselves to the website after first
> registering via email.
>     A   Optionally, New users can only get credentials after being
> nomimated by two existing members
>          1.   Optionally, Seed the first users with well known AV vendor people
> II.  Only post samples that are detected by at least one major AV
> vendor; send undetected  samples to legit AV vendors
>      (this will discourage people from writing new stuff and uploading it)
> III.  Remove samples after a period of time.
>       Most legit analysis only need be done for a period of time
> shortly after discovery
> IV. Don't provide access to file infectors.
>      These are relatively rare and easy to mishandle
> V. Don't provide any source of any kind
> VI.  Limit the amount of stuff that someone can download so that they
> can't leech the site
> VII.  Encrypt samples in storage and unencrypt (or provide the key) on
> the fly when the file is requested.  This should raise the bar should
> your server itself be compromised.
> VIII.  Freely provide as much information as possible about the sample
> so that users may use that information and don't need to get the
> sample itself.
>   e.g.   filenames used, bot C&Cs, URLs it requests, MD5 / SHA-1
> hashes, CLAM sig, etc.
>
> I'm sure there's more, but that's a off the top of my head...

Sound vetting suggestions.. which make the point moot.

He needs to open up to thousands of researchers, how does he do that?
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.