lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: [VirusTotal] Scan result (fwd)

Michel Messerschmidt wrote:

>On Fri, Sep 03, 2004 at 10:43:50AM +0530, Aditya Deshmukh wrote:
>  
>
>>hey if the binary is infected and does not contain any hardcoded 
>>sencitive info what do u care about the owners of the website ? 
>>    
>>
>
>Unless for (a purely theretical) example the website would use your 
>submission to infect others (perhaps with your address as sender) :-) 
>Although the binary may not contain any sensitive data, it is dangerous 
>in itself because it is self-replicating and thus hard to control once 
>it is activated. If your are not very cautious when handling 
>self-replicating code, you most likely end up sending it out to the 
>world.
>
>So for the question how to handle possibly dangerous code 
>it all comes down to "Who do you trust" ?
>
>  
>
Or, potentially, use the fact that you're infected with something 
against you.  Like, say, holding a red flag up saying that you're 
backdoored.

I have no evidence to suggest that that's what's going on -- just 
bringing it up as something someone can possibly gain from a submission 
of this type.

             -Barry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ