Message-ID: <3F47496A.28467.82FEA33C@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Sobig.F...what took so long

"Robert Ahnemann" <rahnemann@...inity-mortgage.com> wrote:

> So it's 4 days after the virus was found, and they just discover that it's
> got a list of 20 machines that it will pull from to create a massive
> DDoS across the net?  What took them so long to find it?

No.

Reading the more detailed descriptions posted by some antivirus 
developers back on Tuesday and Wednesday you would have seen that it 
was well-known that this was coming.

Now, four days later, some companies have elected to draw some media 
attention by announcing "We have discovered [blah, blah, blah]".

Of course, if you trust these companies then the fact their claim 
strongly implies they have just discovered this feature of the virus 
suggests something about the quality of their research.  If you think 
that this element of their recent press releases is "just over 
enthusiastic marketing" then that tells you something else about these 
companies and their priorities...

Several companies just got on with the job, coordinated behind the 
scenes, pooled resources and information and tried to get suitable 
authorities involved so the right actions would be taken at appropriate 
times.  No (well, little) need for media histrionics, etc, etc.  Much 
as this list is "full-disclosure" I'm sure even the most ardent pundits 
of that position understand that there can be times that to STFU and 
not say anything publicly can be highly desirable to getting the best 
outcome.  Not all situations can be "fixed" most appropriately by 
informing world plus dog (ahead of time) what is in store.  (If you 
don't understand that, get out of the security industry as you are a 
liability, not an asset.)


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

