lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <E924F679D556A345B865717377DCDFC4304AD9@ROKEMAIL.staff.ad.cqu.edu.au>
From: b.griffin at cqu.edu.au (Brad Griffin)
Subject: Sample of Mydoom A & B

Hi all 

ad nauseum

I believe it is full disclosure, but not the local virus code
repository. There is a HUGE (no really, it is HUGE) difference between
'full-disclosure', where the nitty gritty details of a bug/exploit/hole
is described and making available executable malware (read: virus/worm).
I would suggest Mr FitzGerald and I believe Mr Schmehl have explained in
other posts why anti-virus professionals are loathe to supply code to
'outsiders' for want of a better description. 

I'm quite interested in how heat seeking missiles are made and how they
work, but I doubt anyone from the military will give me one for research
or to alleviate my curiosity.

Cheers,
Brad

> -----Original Message-----
> From: Ben Nelson [mailto:lists@...om600.org] 
> Sent: Tuesday, February 03, 2004 9:57 AM
> Nick FitzGerald wrote:
> > ":-\)" <nirt_speed@...oo.com> wrote:
> > 
> >
snip 
> I 
> am hoping 
> >>someone here has a copy of Mydoom A and B.  If so, please 
> contact me 
> >>off-line.  THANK YOU
> > 
> > 
> > Oh good, so another lamer can "accidentally" spread it further.
> > 
> > There is a very good rule of thumb regarding who needs 
> virus samples 
> > -- if you need to ask on a public mailing list, newsgroup etc, you 
> > don't need them.
snip
> > 
> 
> Sounds a bit elitist to me.....this is "FULL DISCLOSURE" is it not? 
> What about the researcher (or random curious student) who 
> does not have a relationship with any 'hackers' or anti-virus 
> vendors whom they could ask for virus samples?
> 


> --Ben
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ