From: silvio at big.net.au (silvio@....net.au)
Subject: Unix-Virus Mailing List

It's time again to announce the long anticipated *eyebrow raise* relaunch of
the -->

UNIX VIRUS MAILING LIST
-----------------------

unix-virus-subscribe@...ts.segfault.net

^^ subscriptions here.

It is a moderated list, for which I will moderate and hopefully not be too
noticeable on the moderation end for people.

Initially when unix-virus ran for its short time a few years ago, it was
an un-moderated list, however the content on the list quickly turned into a
situation where posts were talking only of poor philosophical (because they
weren't philosophical) discussions centralized over os religious wars.

The list was primarily aimed at being a technical forum on virus technology
aimed in the direction of Unix.  Including such topics, but not limited to,
reverse engineering, binary analysis, anti-virus technology which go into
forensics these days.  And of course unix virus!

--> some example discussion topics (that i find interesting anyway). but
--> the list is a public forum, so it's everyone's content that makes
--> value to the list.  these are mostly your "non virus" considered
--> material, so that's why i'll show examples of relevant discussion without
--> talking too much about "virus specific" topics.

If interesting discussions regarding other platforms, or even non binary
discussions, then I believe this is highly appropriate for the list.  An
example of a non binary discussion could be something like the limits of virus
detection in terms of language recognition (ie, turing, cfg's, ram etc -
which one of these can a virus always be detected on given computational
models such as a universal turing machine!? - ok.. maybe preschool comp
sci to some, but definitely relevant to the list :)

Another non direct "virus" topic, could be generic binary analysis, or 
program understanding problems.  Does a checker for source code help us
understand virus technology - yes.. source checkers offer many techniques for
use in general reverse engineering, and program analysis.  Binary analysis
and its relation to program verification or automated bug checkers? - I
believe they are very relevant. Please feel free to expand upon these on the list :)

Naturally.. Binary format specifics are important when discussing any
type of virus (even macro style virus i suppose).  Ideally "I'd" want to talk
about ELF, since i'm crap at other object formats :)  however, other
platforms and formats are extremely welcome.  An example topic of discussion
here is that currently there is not a linux virus that is undetectable
through pure automated geometry checking of the object format structure!  There
are ways of course, that make automated detection hard here, but most of
these techniques require some pretty hefty work on a binary and cross over
into binary analysis themselves!  eg, relinking a binary given no
relocation information - or moving chunks of code around but keeping all
relative jumps etc consistent (zombie apparently did this in windows!).  This
technology is of course virus related, but crosses fields into "non virus"
areas as generally viewed by the mainstream.

Another question, is poly/meta morphic code.. its a relatively old technique,
but can these techniques be applied generally to any given binary over
the entire program?  - I believe so, at least in some specific ways such
as instruction re-ordering, which also happens to be a compiler construction
problem.. we'll see how much I can implement, because I aint got squat done on
it atm ;-)

dead code elimination in a binary?  seems possible, but requires at least
being able to arbitrarily shift pieces of a binary around and still have it
run.  sometimes very effective relocation can be done quite adhoc'ly that
works well in practice.

-->

so that's a very small announcement for unix-virus.  i hope people contribute
and discuss many issues relating to the wonder world of unix-virus (I won't
be writing a unix-virus pop-up book this time however - lets hope).

I am new to this entire moderation thing, so please go easy, and feel free to
spam me with questions or commentary if you want to.

^^ i must say thanks to skyper for providing the hosting :)
^^ now.. everyone better subscribe!

--
Silvio
