lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Slapper worm redux;

Mark Renouf <mark@...akt.net> replied to Ron DuFresne:

> > the second worm. "It was significant that source code for the original
> > Slapper was distributed within the computer underground immediately after
> > the worm was detected in the wild," he said.

["he" is David Morgan of ISS]

> Uhhh... didn't the worm distribute it's own source code?

Yep.

_But_ that does not mean that the further distribution of its source 
code did not further contribute to the likelihood of new variants 
appearing.

The biggest "flaw" in the original story (as quoted by Don DuFresne)
is not this, _but_ that at least two significant variants were
spotted over the weekend following th worm's release.

There is a special kind of short-sighted, close-minded "openness is 
always good" bigotry that goes into the belief-set that may have 
prompted Mark's comment.  Often the further _and largely 
uncontrolled_ distribution of malicious code is actually the source 
of future variants.  "Open" and "so open your mind falls out" need 
not be the same thing -- sadly, in many proponents of the "full 
disclosure" mind-set, such obvious issues are never fully realized 
(at least, not until it is too late).

Just as "fully open markets" are not "perfectly competitive" (go ask 
any _informed_ economist -- there are a few of then out there), full 
open disclosure is not always the best security approach in the real 
world.

You don't agree -- fine, but please don't expose your ignorance by 
trying to explain to me why I am wrong...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ