MalwareDiariesList? why not?

[SysAdMini]

http://blogs.paretologic.com/malwarediaries/index.php/2009/09/28/malwarediarieslist-why-not/

I am working on something similar to MDL (MalwareDomainList) for security researchers.

Our array of HoneyPots is collecting a lot of URLs and so far, we haven’t been sharing them except for the occasional blogpost mentioning this or that URL.

We do currently share our HoneyPot samples with our partners which is good, but URLs do have a high value as well for security researchers.

Anyway, unlike MDL I plan on restricting the access for different reasons. Our current partners will have free access as an added bonus to our sample shares.

So stay tuned for this upcoming project.

Jerome Segura

[cleanmx]

hi @all

my 5 cents ...

bullshit.. why ? simply any collected url is in my opinion public domain.

to speak from partners, non-disclosure and all this stuff is not productive to keep the live-cycle of these criminal acts as short as possible.

-- gerhard

[SysAdMini]

to speak from partners, non-disclosure and all this stuff is not productive to keep the live-cycle of these criminal acts as short as possible.

-- gerhard

I agree completely.

In order to win this fight the security has to cooperate and share their findings. Disclosing as much as possible is a must.

[cleanmx]

i just registered on his blog and wrote a comment....

not yet published.... on his blog... here the content of my posting for reference...

-- gerhard

Hi Jerome,

I just came along within MDL to your article...


my 5 cents ...

bullshit.. why ? simply any collected url is in my opinion public domain.

to speak from partners, non-disclosure and all this stuff is not productive to keep the live-cycle of these criminal acts as short as possible.

this is a open invitation to you and your company to fully share all retrieved url to the community.

we @ netpilot dedicate bandwidth, storage and man power to consolidate these data, so we expect from your company to assist us by feeding your url's to our database.


-- gerhard

[Serg]

I agree with cleanmx

[SysAdMini]

Jerome's answer:

MalwareDiariesList: the comments
http://blogs.paretologic.com/malwarediaries/index.php/2009/09/29/mdl/

[Serg]

I forgot to grab his face during vb

[cleanmx]

my reply

subject: comments on your blog are *not* visible

Hi Jerome,

sorry if i had treated you in a someone rough way...

1) it was late in Germany
2) I had been slightly angry about your wording in your original post.
3) i'm nor a hater, or similar ....

but

1) we are too not a charity organization
2) parts of our work will be public without any restrictions

so the main thing is to hide Url's and not giving them to researches and consolidators in this business is not a really good idea, on the other hand you in turn use hphost, malwareurl, malwaredomainlist and probably clean-mx.

so please do not shut a door, think about this invitation.

-- gerhard

btw.

why is my comment not visible, only your quoted one ?

[cleanmx]

vb ? please help an old man to put things together

I forgot to grab his face during vb Angry

[RS-232]

A lot of people don’t know what they’re doing and would just infect themselves.

Oh boy,it's once again the same old ideas (or should I better say 'excuses'),that make me yawn...
And I thought that by now,it should be clearly understood that we don't live in the 90s era anymore,
where vxers where occasionally publishing their stuff only to show off...
4600$ per day in their pocket for spreading malware and advertizing illegal pharmacy,
is a pretty good reason for me to consider any collected url as public domain,heh...  

Other people would leverage that information to infect others (I don’t want it to fall into the wrong hands).

Malware and it's control is simply...already in the wrong hands,he-he - that's by nature to say so ;-)
For the over-cautious,well,obviously not all research info should be made public,
yet I think SysAdMini already described that in the most exact words above..."disclosing as much as possible is a must".

[RS-232]

vb ? please help an old man to put things together

Quote
I forgot to grab his face during vb Angry

...i think it's Serg's invitation to him,but I somehow fear that MalwareDiaries will not accept it... 

[Serg]

vb ? please help an old man to put things together

I forgot to grab his face during vb Angry

I've met Jerome on VB  2009 in Geneva. He speaks a lot...   

[cleanmx]

now I'm confused...

I did a short google on  http://www.google.de/search?hl=de&source=hp&q=+MalwareDiariesList%3F+why+not%3F&btnG=Google-Suche&meta=&aq=f&oq=

and clicked on : http://www.google.de/url?sa=t&source=web&ct=res&cd=5&url=http%3A%2F%2Fwww.securitynewsportal.com%2Fsecurityblogs%2F&ei=eC_CSuKOOo3emAO6-4GyBg&usg=AFQjCNEWQ0n7jqfuDHGGy-VdAJNMWi_9fg&sig2=E4LWfTNMmBqKvGMSso-GmA

result: even the same if i use my home dsl proxy....

Code: [Select]


Your IP Range is Blocked


There is too much Bot and script kiddie activity originating from your IP range


Your IP has passed on. Your IP is no more. It has ceased to be. It is banned and gone to meet its maker
It is a stiff. Bereft of life, it rests in peace. It is pushing up the daisies. Its digital processes are now history.
It has kicked the bucket and shuffled off to IP banned heaven. YOU HAVE AN EX-IP


Exemptions to the blocking of your IP are available by request

[SysAdMini]

Your IP Range is Blocked

This is normal behaviour for this site. It happens to me daily.

See also:

http://www.malwaredomainlist.com/forums/index.php?topic=2205.0

[malwarediaries]

I forgot to grab his face during vb Angry

[/quote]

I've met Jerome on VB  2009 in Geneva. He speaks a lot...   
[/quote]

What's up with all this anger?
By the way, I don't think I speak that much... I'm rather shy instead.

Who are you Serg? I don't remember meeting you in VB?

Jerome