funsec mailing list archives
Re: Re: summary of the "sharing samples" thread from my view-point
From: Pierre Vandevenne <pierre () datarescue com>
Date: Sun, 1 Jan 2006 01:13:33 +0100
Good Afternoon,

NF> Seriously, I want (in fact, need) to know the answer to this.

The issue isn't black or white. If it were, we wouldn't have been discussing it since dawn.

The current vetting systems for malware sharing are a bit like freemasons clubs. There are real obstacles, and I am not talking about technical ones, for competent newcomers to enter the field. And I am not talking individuals either. Some significant companies have been excluded from those clubs for one reason or another. (and I am not talking about mine, in our case the situation is simple: if the new sample is problematic from an analysis point of view, we get it and are asked to fix things in a worry; if the new sample isn't problematic, we'll never hear about it and won't care.)

It works a bit like political parties, friends, lobbyists and all that kind of stuff.

I once had the hobby of analyzing viruses. One day, I analyzed a significant one and understood, by sheer luck, one peculiar, until then unseen, activation routine. I believe you independently understood it as well, if I remember the mail exchanges we had then... (no need to name anything, the point isn't there)

The funny thing is that some big names of the industry had initially missed or misunderstood the routine. After reading a couple of bogus analyses on the web, I fired up a few e-mails. Responses from industry pundits ranged from "we'll investigate" to "Pierre, don't try to play with those things, you might hurt yourself". Quite funny, coming from people who, in some cases, were actually going to hurt themselves a few days later...

That's when it occurred to me that a lot of talented newcomers, except the ones that followed rules such as formally applying for an a-v job with a member company, would have major trouble contributing usefully.

Current "good guys" systems are a bit inadequate: it can't be denied, no matter how hard it is attempted. But I agree with you that the equivalent of a VX board isn't an adequate response.
--
Best regards,
Pierre
mailto:pierre () datarescue com