Open Source and information security mailing list archives
 
Message-ID: <4145E4B6.8010506@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: win2kup2date.exe ?

VX Dude wrote:

>
>I have a sad feeling that I am alone about this.  If I
>am, then I really pity you guys.
>
>Stinny FranCisco, CISSP
>Internet Sniper
>eDefense Inc.

I tend to agree with you.  However, there are a couple of things to 
consider:

        1) Disclosure tends to refer to information.  Now, malware is
           technically information -- but not in the sense that people think of
           "information" as.  People read the list expecting vulnerability
           releases and fixes.  Adding malware distribution to the list of
           services the list provides could further muddy the already muddied
           waters that come with having an unmoderated security list.

        2) This increase in list traffic and bandwidth may be problematic
           for people without fully dedicated internet connections or those
           pay-per-time period internet connections.  FD may not be the most
           appropriate place for this traffic.  A new list may be more
           appropriate.

        3) Let's face it -- in many corners of the world, distributing
           malware isn't entirely legal.  FD might be put into legal jeopardy
           because of this.  I don't know where FD is based out of, but here
           in the states, the DMCA and other fascism-inspired laws have been
           used to shut down security research.  Ideally, the "list" would be
           set up within a non-treaty laden country.

Now, I for one think that keeping malware off the list isn't going to 
stop a determined person with hostile intentions.  Having said that, it 
is a worthy discussion and I certainly respect everyone who has brought 
up those concerns.  But, I think that you're generally correct, VX Dude, 
in that keeping this stuff off the list is not entirely compatible with 
full disclosure philosophy.  These are all points to think about, 
though.  It's really up to the list owners and what they want.

             -Barry



