| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: MyDoom.b samples taken down Ed Carp <erc@....kicks-ass.net> wrote: > This is just so arrogant as to be unreal. ... First, I take it you don't me that well... Second, therefore I take it that you support increasing the spread of viruses through encouraging inexpert fools to just have at it with virus binaries... Repeating your opening comment: > This is just so arrogant as to be unreal. ... Pot, kettle, black. > ... And how do you suppose those > "experts" got to be that way? ... By experience -- 'tis commonly the difference between an "expert" and one less so... But to pull this back to the issue I was dicussing, rather than the one you want to misrepresent it as, where in "is a reverse engineering expert, skilled in x86 assembly, DOS and Windows executable formats, system structures and internals, runtime decompression and decryption techniques, anti-debugging tricks and so on" does "and recklessly endangers the computing public by posting viral code on public web sites" fit into the job description of a virus analyst? That is one of the differences between a _responsible_ virus analyst (regardless of their level of expertise) and what Daniel did. You wouldn't want us to be seen to "fuelling the problem" to ensure we have a job would you?? > ... You wouldn't happen to work in the field, > would you, Nick? So? Vested interest? Nope -- analysing these things day in day out can be exceedingly dull much of the time, so having good "fresh blood" enter the industry via the malware analyst route is a good thing. However, we will not compromise the ethical standards built up over many years, so folk tempted to do what Danial has and thinking of doing this kind of work professionally should think again as they will hard-pressed to find well-paid work in a major company if they have a history of pulling stunts such as Daniel's... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists