[funsec] Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

Randy Abrams abrams at eset.com
Wed Dec 28 16:18:55 CST 2005 

 

> -----Original Message-----
> From: funsec-bounces at linuxbox.org 
> [mailto:funsec-bounces at linuxbox.org] On Behalf Of Gadi Evron
> Sent: Wednesday, December 28, 2005 1:24 PM
> To: Blue Boar
> Cc: funsec at linuxbox.org
> Subject: Re: [funsec] Re: Malware sharing? People are full of 
> shit [was: Getyour computer viruses here!]
> 
> > In short, I think Val should continue, and we all see what happens.
> 
> In other words, he will do it anyway and he may succeed or 
> fail miserably. I rather all th epeople who critisize him, 
> help him instead to reach a secure enough manner of doing this.

That's exactly the point of recommending vetting. When John Aycock of the
University of Calgary announced his ignorant plan to include virus writing
in his course, we all tried to talk him out of it. The best argument that he
could come up with was something about Mao killing teachers (revolutionary),
but when it was evident that Aycock was not going to listen to reason that's
when I suggested security measures that he did implement. Vetting is a
reasonable security measure here.

> 
> Whatever reasons are set against it, it is plain enough that 
> there is source code by gigabytes online with some Googling 
> or a bit of collecting.

There are lots of people doing irresponsible things, but that is hardly a
reason to join them.

> IRC channels of not hard core VX-ers but kiddies who would 
> share any sample with you, and even SUPPORT forums online for 
> malwre writing.
> 
> Security researchers however, often have to beg.
> 
> Right or wrong, it's forced on us.

I never feel like asking a security professional for a sample is begging.

> 
> I'd rather look at this situation as there being anthrx 
> everywhere, and yet a select few universities and research 
> institutions refuse to share with researchers outside their box.

I think your lists are a great example of how people who are not necessarily
on the inside can cooperate in a vetted environment.

> First let's face the music, save the net, and move back to 
> old traditions we all love.

Good idea. We can make a point of not placing malware out where children can
hurt themselves and others with it, even if others do!

Cheers,

Randy

More information about the funsec mailing list