Message-ID: <40290322.30845.20CADC5C@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: DoomJuice.A, Mydoom.A source code

"Riad S. Wahby" <rsw@....edu> wrote:

> According to most reports on the matter, DoomJuice delivers the source
> of Mydoom.A to infected computers.  I'm running an informal seminar on
> malware and this could be an invaluable teaching aid.  ...

In what way would it be "an invaluable teaching aid"?

I can see how it could be used as an invaluable _publicity_ aid for 
attracting folk to the class.  However, as a teaching aid, it is highly 
unlikely to be of much more or less value than the source of any of 
dozens upon dozens of other malwares, and that value would be very 
low...

Unless you are planning on teaching malware _writing_?

For folk interested in work in the antivirus and related security 
fields, source code is all but worthless.  We rarely have the source 
code of the malware we have to analyse -- at least, we rarely have it 
in advance of, or concurrent with, having to do such analyses.  Reverse 
engineering is the name of this game and source code is then useless
-- if you have source you need not reverse and if you must reverse you 
would not have the source...

Also, from a purely pedagogical perspective (I majored in Psychology 
and Education), I find your claim that having the source of this 
malware "could be an invaluable teaching aid" deeply suspicious.  
Teaching from the specific is generally superficial, less long-lasting 
and generalizes much less well than providing a good theoretical 
grounding in the subject matter.  Could you expound the theoretical 
applications that presenting this specific malware's source code to 
your class would illustrate especially well?

Finally, whether you obtain this code or not, what aspects of the 
ethics of possessing, handling, distributing, etc such code will you 
be teaching?  Personally, I doubt they will be substantial (or even 
present) as your initial approach to obtaining the code shows a serious 
lack of concern for some significant ethical issues straight off...

> ...  Thus, if anyone
> has the source, I'd greatly appreciate if you'd mail it to me off-list
> or point me towards an appropriate URL.

And what controls will you be placing on your students obtaining, 
copying, etc the code?  Given your brazenly open and "uncaring" request 
here, why should we expect that you will take any special care with the 
code and its further distribution to and among those taking your class 
and their room-mates, buddies and other contacts?


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

