[funsec] DefCon 'Race to Zero'

Paul Ferguson fergdawg at netzero.net
Fri Apr 25 22:04:17 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- B Potter <gdead at shmoo.com> wrote:

>I find the whole situation offensive.  We are WAY too polite about  
discussing vulnerabilities in public right now.  The ppl attacking us  
aren't ashamed to share information, and we shouldn't be either.   
Unfortunately, as a community, there's a self-imposed gag order in  
place that basically says "if you drop 0-day, you are evil"
>
>Just because you don't talk about something, doesn't mean it's not  
there... that's been a core tenant of security research for a long  
time.  That's why we have concepts like full-disclosure and that's why  
many conferences were originally created.  More power to the contest  
organizers for encouraging public discourse about the state of  
vulnerabilities.
>

I'm happy to discuss vulnerabilities. In fact, I agree with almost
all of your points.

This is about creating new malware as a contest to slip by
AV scanners.

What the does that prove? Nothing, really. If people rely
solely on an AV scanner for protection, they are sorely
misguided.

AV is only a tool. To assume it is anything more than that is
disingenuous. Everyone knows that criminals have set up their
own private "VirusTotal-like" scanner portals to test whether or
not they can slip a new binary down the Botnet C&C pipeline.

I call this what it is: "infotainment". It really accomplished
nothing more than that.

This won't be decided here, or in the court of public opinion,
either.

When you look at the fact that, in the past week alone,
more than ~600,000 websites have compromised to harbor malicious
iFrames or JavaScript in this whole process -- to infect unwitting
consumers in an ongoing effort to rob them blind -- the problem is
much, much larger than trying bypass virus scanners.

$.02,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIEpuuq1pz9mNUZTMRAh9AAJ4iv4Ngl8hJRI/LDu4FAK2EDqUEiwCg7pDd
R9oiEylc6lKQTIp5lye0izI=
=P34S
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/





More information about the funsec mailing list