Message-ID: <89D097CC1D003643BB9F13714BA9723B04B9ECD2@OCCLUST01EVS1.ugd.att.com>
From: elsner at att.com (Elsner, Donald, ALABS)
Subject: Show me the Virrii!


-----Original Message-----

I like the idea of scanning for valid software.  There are some problems
with it that would need to be overcome, though:

1.  Who makes the list, and keeps it updated?  This would be a huge
undertaking. 

------------------- snip -----------------------------------
The U.S. Government is already doing this... Please see

National Software Reference Library (NSRL)
(http://www.nsrl.nist.gov)

Overview: The National Software Reference Library (NSRL) provides a
repository of known software, file profiles, and file signatures for use
by law enforcement and other organizations in computer forensics
investigations.
Industry Need Addressed: Investigation of computer files requires a
tremendous effort to review individual files. A typical desktop computer
contains between 10,000 and 100,000 files, each of which may need to be
reviewed. Investigators need to eliminate as many known files as
possible from having to be reviewed. An automated filter program can
screen these files for specific profiles and signatures. If a specific
file's profile and signature match the database of known files, then the
file can be eliminated from review as a known file. Only those files
that do not match would be subject to further investigation. In
addition, investigators can search for files that are not what they
claim to be (e.g., the file has the same name, size, and date of a
common file, but not the same contents) or files that match a profile
(e.g., hacking tools).
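
The known-file filter described in the overview above, sketched as an added example that is not part of the original message or of any NSRL tooling. The reference set, the file names and the choice of SHA-256 as the "signature" are assumptions made for illustration; the page does not describe the NSRL data format.

```python
import hashlib
import os
import tempfile

def digest_of(path, chunk=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_reference(entries):
    """Build lookup tables from (name, content) pairs of known software (constructed)."""
    by_hash, by_profile = {}, {}
    for name, data in entries:
        d = hashlib.sha256(data).hexdigest()
        by_hash[d] = name
        by_profile[(name.lower(), len(data))] = d   # profile = name + size
    return by_hash, by_profile

def triage(root, by_hash, by_profile):
    """Label each file under root: 'known', 'impostor' or 'review'."""
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            profile = (fn.lower(), os.path.getsize(path))
            if digest_of(path) in by_hash:
                verdicts[path] = "known"      # contents match: drop from review
            elif profile in by_profile:
                verdicts[path] = "impostor"   # same name and size, other contents
            else:
                verdicts[path] = "review"     # not in the reference set
    return verdicts

def demo():
    # Constructed reference set and constructed sample files.
    ref = build_reference([("app.exe", b"A" * 64), ("tool.dll", b"B" * 32)])
    samples = {"app.exe": b"A" * 64, "tool.dll": b"C" * 32, "notes.txt": b"hello"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        found = triage(root, *ref)
        return {os.path.basename(p): v for p, v in found.items()}

if __name__ == "__main__":
    print(demo())
```

Files labelled "impostor" are the ones the overview calls "not what they claim to be"; a known file that has merely been renamed still matches by content and is filtered out.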



