lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <OF70C42887.1C67E6DD-ON48256EED.0009784A-48256EED.000A8B34@int.csc.com.au>
From: tcleary2 at csc.com.au (tcleary2@....com.au)
Subject: AV Naming Convention

Frank Knobbe said:

>says "We got a new one! Can't give details of course since you are a
>competitor. But if you find the same thing in your research, let's call
>it Humptydumpty-2."
>Whoever finds the virus first has first choice on the name. No sharing
>of information required, just agreement on a name.

How hard can it be?

All we need is the AV guys to agree to use some external standard, and who 
CARES what it is so long as we can agree it's universal?

Under outbreak conditions, ambulance chasing, keeping secrets and failure 
to co-operate do not win friends.

Look at other solutions to the same problem - naming hurricanes?

Personally, I could care less whether is called nebiwo or fred as long as 
when I phone someone to discuss the latest and greatest I can use one word 
instead of having to spend five minutes making sure we're talking about 
the same bit of malware.

Even if we bother to go to the extent of formalising classification ( and 
yes, I did study zoology and microbiology for a while so I know such 
systems exist and underpin the disciplines... ) whatever scheme is 
eventually adopted we need immediate, clear shorthand too.

Figuring out that Fred and Ginger are in fact variants is not the issue 
when you're attempting to prevent mass failures and the guy on the other 
line is saying "Do you mean MyDoom.AAHTDRFSWQT or Beagle.QSWPROTU?"

But us voices in the wilderness don't maximise shareholder value, right?

Regards,

tom.
----------------------------------------------------------------------------------------
Tom Cleary - Security Architect

CSC Perth

"In IT, acceptable solutions depend upon humans - Computers don't 
negotiate."
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. NOTE: Regardless of content, this e-mail shall not operate to 
bind CSC to any order or other contract unless pursuant to explicit 
written agreement or government initiative expressly permitting the use of 
e-mail for such purpose.
----------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040811/d1a8fbd7/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ