lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.62.0808280732440.13815@linuxbox.org>
Date: Thu, 28 Aug 2008 07:43:23 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: bugtraq@...urityfocus.com
Cc: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk
Subject: reviving the botnets@ mailing list: a new statregy in fighting cyber
 crime

The public botnets@ mailing list, where malicious activity on the Internet 
can be openly shared, has been revived, and boy is it active.

Warning: live samples and malicious URLs are openly shared there.

Mailing list URL: 
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Reasons, thinking and explanations:
http://gadievron.blogspot.com/2008/08/public-sharing-and-new-statregy-in.html

Excerpt:
------
A couple of years ago I started a mailing list where folks not necessarily 
involved with the vetted, trusted, closed and snobbish circles of cyber 
crime fighting (some founded by me) could share information and be 
informed of threats.

In this post I explore some of the history behind information sharing 
online, and explain the concept behind the botnets mailing list. Feel free 
to skip ahead if you find the history boring. Also, do note the history in 
this post is mixed with my own opinions. As I am one of the only people 
who where there in the beginning though and lived through all of it, I 
feel free to do so (in my own blog post).

As I conclude, we may not be able to always share our resources, but it is 
time to change the tide of the cyber crime war, and strategize. One of the 
strategies we need to use, or at least try, is public information sharing 
of "lesser evils" already in the public domain.

..
..

To fight a war, you have to be involved and engaged. On the Internet that 
is very difficult, but the Russians found a way. It is a fact that while 
we made much progress in our efforts fighting cyber crime, we had nearly 
no effect what-so-ever on the criminals and the attackers. Non. They 
maintain their business and we play at writing analysis and whack-a-mole.

Using the botnets mailing list, I am burrowing a page from the apparent 
Russian cyber war doctrine, getting people involved, engaged. Personally 
aware and a part of what's going on.

It can't hurt us, and perhaps now, four years over-due and two years after 
the previous attempt, we may be ready to give it a go and test the 
concept.
-------

 	Gadi Evron.

--
"You don't need your firewalls! Gadi is Israel's firewall."
     -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy to the Accountant General,
        Israel's Ministry of Finance, at the government's CIO conference, 2005.

     (after two very funny self-deprication quotes, time to even things up!)

My profile and resume:
http://www.linkedin.com/in/gadievron

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ