lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: jan.m.clairmont at citigroup.com (Clairmont, Jan M)
Subject: AV Naming Convention  Reporting Plan.

Geesh that's why you need a centralized database with an
independent non-vendor specific database. It would be for 
reporting and sharing for the benefit of the community or av, firewall
and other vendors and the internet community.  It implies no force du
jour or coercion on anyone, you could opt out or not use the free
service, duh!  

The service could be funded by donations like PBS. Like any standards
committee it is staffed by vendors interested parties
students, just like freeware or shareware.  The goal is to help
end endless spam, av and trojans etc.  Not to spy or require anyone to
do anything.  Just like this list is a opt in or
opt out,  I frankly think full-disclosure should jump on this
idea for doing it or someone of that ilk.

Is this really that hard to understand?

Essentially this is the Function flow.
Person Finds Spam, Trojan,  Exploit etc
Vender finds Spam, Trojan, exploit
Vender Finds New virus --
                         reports virus forensics, description
				 format set by database committee
				 sample reporting tool on Web fill 
				 in the blanks and 
				 report
				|
				|
				V
		IVST Database.com
			|
			|
			|creates record time stamp_name & aliases
			V
		Updated database sees no equal sends out report
		Fix information to all interested parties based on 
		User profile or need.
			|
			|investigation continues
			V
		Database updates duplicates and reports to users
		Keeps track of spam, virus variants, trojans etc.
Back to step 1.

And it could start from day one without a history, just start with
what's new.  A retrofit database would be useful but not necessary.  It
just needs to react to new threats.

What's the big deal, it could be used for independent
researchers,students, Dead Heads, Hacker wannabes,
and best of all standardize the whole mess.  

Right now it's every person for
themselves. What do we have to lose but spam and maybe get a faster
reaction time to incidents, with a rational plan.

It's like finding comets, you find 'em you name 'em.

				
Jan Clairmont
Firewall Administrator/Consultant


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of
Valdis.Kletnieks@...edu
Sent: Tuesday, August 10, 2004 2:54 PM
To: Frank Knobbe
Cc: Glenn_Everhart@...kone.com; full-disclosure@...sys.com
Subject: Re: [Full-Disclosure] AV Naming Convention 


On Tue, 10 Aug 2004 10:44:56 CDT, Frank Knobbe said:

> standardized. First representative of an AV shop that raises the hand
> says "We got a new one! Can't give details of course since you are a
> competitor. But if you find the same thing in your research, let's
call
> it Humptydumpty-2."
> Whoever finds the virus first has first choice on the name. No sharing
> of information required, just agreement on a name.

Of course, I *didnt* find the same thing, so I called it Jabberwocky-3.
Only later did we find out it was the same thing.

Only way to do that sanely is the way tropical storms are done - make up
a *long* list beforehand, and as each AV vendor raises their hand, the
get the next name in the list.

Remember guys - I may need a name for the variant I'm about to push
a signature out the door *before* I have any way of finding out that
you've
got a different variant.


Powered by blists - more mailing lists