lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: nick at (Nick Jacobsen)
Subject: Re: DoomJuice.A, Mydoom.A source code

Now Nick, don't take this wrong...  but this seems to me to be a case of
closing the barn door after the f***ing hourses already got away.  The
source code is now freely available from many sites, so why not share
with someone who at least seems a bit professional?
As four the source code, Riad...  check the following link:
Now, I don't generally recommend that site, but hey...  if they got it,
use it...

	-----Original Message----- 
	From: Riad S. Wahby 
	Sent: Mon 2/9/2004 8:29 PM 
	Subject: [Full-Disclosure] Re: DoomJuice.A, Mydoom.A source code

	Mr. FitzGerald,
	Nick FitzGerald <> wrote:
	> I can see how it could be used as an invaluable _publicity_
aid for
	> attracting folk to the class.  However, as a teaching aid, it
is highly
	> unlikely to be of much more or less value than the source of
any of
	> dozens upon dozens of other malwares, and and that value would
be very
	> low...
	People won't be attracted to the class based on the source code
	presenting, as they won't know about it beforehand.  To be sure,
	source to any old virus would in fact work, and I will certainly
	consider many others as well in deciding the specifics of the
	cirriculum.  My intent is to emphasize material taken from
issues that
	attendees can relate to directly; undergrads are extremely
unlikely to
	have much personal experience at all with Robert Morris's 1988
	> Unless you are planning on teaching malware _writing_?
	Of course not.  The seminar deals with the mechanisms, targets,
	psychology of a malware pandemic.
	> For folk interested in work in the antivirus and related
	> fields, source code is all but worthless.  We rarely have the
	> code of the malware we have to analyse -- at least, we rarely
have it
	> in advance of, or concurrent with, having do such analyses.
	> engineering is the name of this game and source code is then
	> -- if you have source you need not reverse and if you must
reverse you
	> would not have the source...
	The class in question is not about reverse engineering.  It
	not the response and interdiction from AV companies et cetera,
but the
	underlying social and technical infrastructure upon which
viruses and
	their authors rely.
	> Also, from a purely pedagogical perspective (I majored in
	> and Education), I find your claim that having the source of
	> malware "could be an invaluable teaching aid" deeply
	> Teaching from the specific is generally superficial, less
	> and generalizes much less well than providing a good
	> grounding in the subject matter.  Could you expound the
	> applications that presenting this specific malware's source
code to
	> your class would illustrate especially well?
	Clearly one must also recognize the importance of providing
	particulars in which to couch the theoretical.  Of course, I'm
	going to hand out pages of source and say "this is it kids,
study up."
	Instead, general claims will be augmented with carefully chosen,
	specific examples.
	> Finally, whether you obtain this code or not, what aspects of
	> ethics of possessing, handling, distributing, etc such code
will be you
	> be teaching?
	This is obviously an important topic, and one that I will go to
	lengths to stress.
	> Personally, I doubt they will be substantial (or even present)
	> your initial approach to obtaining the code shows a serious
lack of
	> concern for some significant ethical issues straight off...
	I asked people to email me personally; in doing so, I was
	to contact those who might be of assistance.  Moreover, by
	to do so in a personal context (off-list) I've implied that I'm
	willing to confirm my identity and describe in greater detail my
	intentions.  As far as I can tell, I have ignored no "ethical
	in attempting to establish a dialogue with those who might help
	> And what controls will you be placing on your students
	> copying, etc the code?  Given your brazenly open and
"uncaring" request
	> here, why should we expect that you will take any special care
with the
	> code and its further distribution to and among those taking
your class
	> and their room-mates, buddies and other contacts?
	As I will neither be distributing code in electronic form nor
	out intact code listings, there is little danger that my
students will
	be able to assemble a virus based solely on what I provide.
More to
	the point, and to be quite frank, this is MIT.  The students
	don't need someone else's source code to write an email virus;
	would, however, be well served to be shown examples germane to
	modern virus "landscape."
	My request was brief and to the point so as not to waste the
time of
	those it did not concern (a topic on which others might use a
	or two).  Your claim that it was "uncaring" is completely
	basis in fact.  It was an open request because I have nothing to
	It gave enough information to make initial contact with those
	might help me without unduly taxing the schedules of those who
	or will not.
	Mr. FitzGerald, I've read many of your posts to full-disclosure,
and I
	am familiar with the apparent intensity of your personality.
	vigilance in matters such as these is not only appropriate, but
	required.  On the other hand, your surplus of zeal in responding
to my
	message might be viewed by some as an attempt to quash the
	academic study of an issue of ever-increasing import, or
	holier-than-thou proselytizing based on a questionable
	of my intentions.  In the future, I encourage you to temper your
	in order to prevent such misunderstandings.
	Riad Wahby
	MIT VI-2 M.Eng
	Full-Disclosure - We believe in it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 9242 bytes
Desc: not available
Url :

Powered by blists - more mailing lists