Author Topic: MalwareDiariesList? why not?  (Read 5633 times)

0 Members and 1 Guest are viewing this topic.

October 22, 2009, 03:06:41 am
Reply #15

malwarediaries

  • Newbie

  • Offline
  • *

  • 9
I'm still working on the List, which I like to call Clearing House.

As far as people infecting themselves, I'd like to put a "Terms and Conditions" thing.... which basically would clear us of any liabilities.

People will have a username / password, very similar to what offensivecomputing does.

You know this public domain thing... Do you think that companies like Hitwise or Commtouch would give away their URLs for free? No way Jose... you have to pay. It takes money to run servers and what not. If you can pay the costs out of your own pocket then you must really be a good soul.

We already share samples with other companies / people. I think sharing URLs in the same way would be good.

We'll see.

Jerome

October 22, 2009, 03:15:39 am
Reply #16

malwarediaries

  • Newbie

  • Offline
  • *

  • 9

to speak from partners, non-disclosure and all this stuff is not productive to keep the live-cycle of these criminal acts as short as possible.

-- gerhard

I agree completely.

In order to win this fight the security has to cooperate and share their findings. Disclosing as much as possible is a must.

Hey SysAdmin, I'm cool to share stuff with other partners. Just not anybody out there.

I've always shared whatever malware I discover through our FTP server, which many of the top AV vendors have access to.

Also, on the blog posting links and such. So it's not like I'm retaining all the good stuff to myself.

Jerome

October 22, 2009, 06:56:26 pm
Reply #17

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335

to speak from partners, non-disclosure and all this stuff is not productive to keep the live-cycle of these criminal acts as short as possible.

-- gerhard

I agree completely.

In order to win this fight the security has to cooperate and share their findings. Disclosing as much as possible is a must.

Hey SysAdmin, I'm cool to share stuff with other partners. Just not anybody out there.

I've always shared whatever malware I discover through our FTP server, which many of the top AV vendors have access to.

Also, on the blog posting links and such. So it's not like I'm retaining all the good stuff to myself.

Jerome

Hi Jerome,

what about people are unable to pay for those information? What about people who are not famous researchers?
Aren't they worth to get those information ?

Don't take offence, but what your are planning looks only like another way of making money than a contribution to security.

Ruining the bad guy's day

October 22, 2009, 10:55:57 pm
Reply #18

malwarediaries

  • Newbie

  • Offline
  • *

  • 9


Hi Jerome,

what about people are unable to pay for those information? What about people who are not famous researchers?
Aren't they worth to get those information ?

Don't take offence, but what your are planning looks only like another way of making money than a contribution to security.


[/quote]


Hi,

I already share info with many independent security folks that I trust. They have access to a repo of malware samples, and I don't expect anything in return.
What happens is during the course of my blog or conferences I get to meet people, we chat and such and if the relationship is good, I open up the gates.

I find it important to establish trust in this industry. If you open up your service to the world, you have no control over who is going to use the information. You'll have people that steal your hard work and take credit for it, or worse use the info in their product and make money off your back without even saying thank you.

By the way, I'm not a famous researcher  ;)

Jerome


October 23, 2009, 11:31:39 am
Reply #19

sparsha

  • Special Members
  • Hero Member

  • Offline
  • *

  • 305
Hi Jerome,

Welcome to MDL!

We @ MDL have a simple mission "Bust the bad guys" and nothing more. We hope your contribution to security continues!

Cheers,
Sparsha

October 23, 2009, 04:43:56 pm
Reply #20

malwarediaries

  • Newbie

  • Offline
  • *

  • 9
Hehe thanks Sparsha... exposing the bad guys makes my day  ;D

October 23, 2009, 05:08:55 pm
Reply #21

cleanmx

  • Special Members
  • Hero Member

  • Offline
  • *

  • 3405
    • Spam-Filter Anti-Spam Virenschutz - CLEAN MX Managed Anti-Spam Service ist die Lösung für Ihr Spam-Problem
Hi Jerome,

good decision to share your data

please provide us this a link or method to obtain these url's !

-- gerhard


November 03, 2009, 03:28:14 am
Reply #23

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day