Vulnerability Development mailing list archives
Administrivia #8704 (I think we should just be friends)
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 6 May 2000 11:19:04 -0700
(warning, long)

M J wrote:
<for the moderator> Can this be the last of this thread please? Looking for additional news and surfing CNN/ZDNET/etc regarding this virus really doesn't seem to have any bearing on developing vulnerabilities or the like. hmmm....just look thru SecurityFocus.com news and follow the links.

Well, that's a really good point. When a major problem like this crops up, this list (like many other security-related lists) tends to go into Emergency Broadcast Mode (beeeeeeeeeeeeeeeep.) This is due mostly to an assumption on my part that most of the subscribers (like me) actually have the real job of protecting stuff, rather than breaking it. Perhaps a bad assumption.

I like to think that we do/can go a bit beyond most other lists in terms of technical detail, and absolutely do better than any of the traditional media sources. Bugtraq is as full disclosure as we are, but doesn't allow for the discussion (one of the main reasons I wanted to start this list.)

I do consider taking a peek at the latest worm/trojan/virus making the rounds on-topic. There's usually some interesting technical bit. Sadly, I'm stuck, like the media, with defining "interesting" as whatever is getting the most attention. For evil code, that is maybe one definition of "success."

Naturally, I would advise against releasing new malware, unless you really want to have a $10 Billion (yes, United States "B") damages charge stuck to you, and have every law enforcement group in the world looking for you. However, if you insist, you can probably get pointers here. My personal set of morals draws a thin line between doing exploits, for which the problem exists with or without you, and writing malware, which DOESN'T exist until you create it. Don't get me wrong... I've written a couple of toy viruses myself, and I fully support your right to write them. I just question the individual who actually releases them in the wild.

Now, there's a difference between handing everyone the code to do with as they need, and beating the horse to death and converting the list into a prevention list. I need help determining where to cut it off. If you care one way or the other, shoot me (not the list) a note with your thoughts.

Moderation over the last couple days:

In the last two days, I've received about 2000 emails... the vast majority of which were bounces, errors, and mail gateways with virus scanners informing me that I sent out a "virus". Yeah, thanks for the info. :) That means in the future, I will be trying to do a better job encapsulating bad code to avoid setting those off, for the sake of my mailbox. The zip with a password seemed pretty good... only a couple gateways refused to let in a zip that they couldn't open.

This also means that I was probably sloppy and over or under selective about what I let through. If your note didn't get posted, especially if it was on a regular topic, then I probably accidentally deleted it in the middle of a 300 message block of errors or something. If you sent a note to the effect of "yeah, me too." or "Outlook sucks." then I probably declined to send it through.

I also let through a bunch of messages about how to fix the damn thing. These are really off-topic, but some were really good or provided good pointers to info. I'll start dropping these now (and I've already dropped a bunch.) However, if there's something I like (and sorry, you're stuck with my judgment) I may let it through for the next day or two. For example, I let through a thread regarding the follow-the-sun nature of the thing. I thought that was very interesting, and relevant to worm behaviour in general.

OK, I'll shut up now. Basically, if you think I should just have sent through the code, and then dropped the discussion, shoot me a note. Back to breaking stuff.

BB