| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Feb 2009 10:48:17 -0800 (PST) From: "Gary E. Miller" <gem@...lim.com> To: T Biehn <tbiehn@...il.com> Cc: full-disclosure <Full-Disclosure@...ts.grok.org.uk> Subject: Re: Oh Yeah, botnet communications -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Travis! On Thu, 19 Feb 2009, T Biehn wrote: > You know how the current amateur botnet offerings are basing domain lists > off the current time to allow the 'good guys' to prepare? > > Why not base the seed off something like a news RSS feed? Or how about yesterday's close of the S&P 500 or Cisco stock? Or maybe yesterday's Lotto numbers. Maybe a hash of all the above. This would drive bot hunters nuts. Until they reverse engineer the new scheme. Since the scheme is in every bot it would just take some reverse engineering. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701 gem@...lim.com Tel:+1(541)382-8588 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFJnvr0BmnRqz71OvMRAmJWAKC4kPXM0C6L6d4Tkldw4ypeQuXXmQCgyZH9 xjMzFphho5t9UEeTj4UigE0= =hUXf -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists