[funsec] www.hexblog.com down?

Pierre Vandevenne pierre at datarescue.com
Wed Jan 4 18:24:17 CST 2006

Good Day,

Thursday, January 5, 2006, 1:00:26 AM, you wrote:

SD> bad stuff DOES happen and therefor you MUST do something.  But too often

Well, it IS currently happening. Not as much as some say, but more
than the minimal estimate.

SD> Guilfanov's product should consider it for their organizations. Just
SD> because its free doesn't make it any worse (or better) than other security
SD> products you can buy.

Did I say that in any way?

But I can tell you one thing: if Ilfak had attempted to make money
with this fix, he wouldn't have a job here anymore. But knowing Ilfak,
the point is moot...

SD> That's different than saying use it or else something bad might happen.

Did I say that in any way? I said that, based on my best information
and knowledge, I felt that my company, DataRescue was at risk and I
did not like it. Do you disagree with my assessment on a detailed
technical basis, or are you just expressing an opinion?

You may think I am totally wrong here, but given the fact that my
company produces what is probably the most widely used malware
analysis tool available, I have the weakness to believe I can make a
somewhat informed choice in that matter. And I am not making that
choice for you, just for me.

The cost for a fix that suited my need was minimal (my programmer's
time). I believe, but that is just an opinion, that many organizations
have the programming resources to tackle similar problems in-house and
that they might want to consider that option for themselves.

A few years ago, I wrote this,


in the midst of the first "Palm virus" media hysteria, because I
believed the palm trojan risk was close to zero. In that case, given
the best knowledge that was available to me at the time, I decided NOT
to do anything. Exercising my freedom to assess a situation. My
assessment of the current risk here was different.

Best regards,
 Pierre                            mailto:pierre at datarescue.com

More information about the funsec mailing list