Re: [Full-Disclosure] win2kup2date.exe ?

From: Qber_GuidoZ?= (uberguidoz_at_gmail.com)
Date: 09/03/04

  • Next message: Qber_GuidoZ?=: "Re: [Full-Disclosure] win2kup2date.exe ?"
    To: James Tucker <jftucker@gmail.com>
    Date: Fri, 3 Sep 2004 02:06:32 -0400
    
    

    James Tucker said:
    > There is always no need for aggressive statement of suspicion, which
    > you are close to here. While I understand aggression due to anger, I
    > am concerned that one should not get angry at someone offering them
    > a service merely because one is suspicious of them. What if the offer
    > of help is entirely genuine?

    Amen. Not only that, but was also said, the choice to do so or not is yours.

    -- 
    Peace. ~G
    On Fri, 3 Sep 2004 02:19:07 +0100, James Tucker <jftucker@gmail.com> wrote:
    > On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald
    > <nick@virus-l.demon.co.uk> wrote:
    > > Über GuidoZ wrote:
    > >
    > > > ...  If you want to email me a copy of it, I'll
    > > > rip it apart and see what can be seen.
    > >
    > > And world plus dog should entrust you with such material because???
    > ... most viruses, trojans and malware to not store copies of stolen
    > data in their executables. Furthermore the file size is very small.
    > 
    > > > P.S. Send it to [...] - it's my "catch all" for
    > > > virus/unknown files. Just be sure to ZIP it up or else the web host
    > > > won't let it through. Otherwise I have disabled all checks/scan.
    > > > Downloads directly to a secured Linux box.
    > >
    > > That's all very nice, but alone, far from the makings of someone to
    > > entrust arbitrary, suspected malware samples to.
    > 
    > "Entrust", just what exactly are you thinking you might be giving away?
    > 
    > > I'm also rather suspicious of your promotion of Virus Total.  Hispasec,
    > > as far as I can tell (Spanish being something I have to have translated
    > > via online services), has no antivirus or similar product of its own,
    > 
    > I do not necessarily trust this company or their service. Having said
    > that, if they produced their own Anti-Virus package, to put other
    > vendors scanning engines in a publicly available service would either
    > be damaging to their business, or considered anti-competitive.
    > 
    > > yet it has set up, and some folk seem to be promoting, what is
    > > effectively a sample collection mechanism.  I've also heard vague
    > > rumblings that Hispasec/Virus Total does not have suitable licenses for
    > > at least some of the scanners used in its service (and strongly suspect
    > > that several of the AV vendors whose products are currently used would
    > > not allow their products to be licensed for use in a service of the
    > > kind Virus Total offers anyway because it paints a rather disturbing
    > > trust picture -- "You can trust me because I can run a virus
    > > scanner...").
    > 
    > Again, you suspect allot of deception here, and while it is of course
    > possible you are correct, I have yet to see this ever done in
    > practice. Samples of non-data carrying viruses or trojans are of
    > little use to anyone other than Anti-Virus firms, as it is easy to
    > collect raw source for most if one is so inclined.
    > I agree that it is unlikely they have sufficient client licenses to
    > provide such a service; however I can see that there are a great deal
    > of arguments in law about how their case may be won. They may for
    > example only be required to carry one license, they could argue that
    > they are simply allowing users to deliberately infect their systems,
    > and making portions of the logs publicly available.
    > 
    > If there are viruses which commonly copy target system data, or
    > sensitive data into their binaries at the present time (I imagine the
    > mention of this deception may well spring at least one such virus)
    > then I apologise that I am not aware of it. If the report of the virus
    > name in question is accurate (which IIRC it has been now verified by
    > someone else) then the binary is not carrying sensitive data.
    > 
    > Having said all of the above, your concern is not mis-placed, and if
    > you feel uncomfortable with any such possibility of giving away a
    > minor amount of data, then certainly make good your freedom and choose
    > not to do so.
    > 
    > There is always no need for aggressive statement of suspicion, which
    > you are close to here. While I understand aggression due to anger, I
    > am concerned that one should not get angry at someone offering them a
    > service merely because one is suspicious of them. What if the offer of
    > help is entirely genuine?
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: Qber_GuidoZ?=: "Re: [Full-Disclosure] win2kup2date.exe ?"

    Relevant Pages

    • Re: [Full-Disclosure] win2kup2date.exe ?
      ... > entrust arbitrary, suspected malware samples to. ... Again, you suspect allot of deception here, and while it is of course ... I agree that it is unlikely they have sufficient client licenses to ... There is always no need for aggressive statement of suspicion, ...
      (Full-Disclosure)
    • Re: "Glad theyre gone and may they never come back."
      ... But a lot of the 'suspected terrorists' in the US were actually ... suspicion, but then you can't just take it back and say OOOPS! ... One can suspect that this particular show is for the benefit of cycling ... negligible compared to a culture of condemnation via rumors, ...
      (rec.bicycles.racing)
    • Re: "Glad theyre gone and may they never come back."
      ... But a lot of the 'suspected terrorists' in the US were actually ... suspicion, but then you can't just take it back and say OOOPS! ... One can suspect that this particular show is for the benefit of cycling ... negligible compared to a culture of condemnation via rumors, ...
      (rec.bicycles.racing)
    • Re: Cheshire police stop 6,000 people during road network crime campaign
      ... "Reasonable grounds for suspicion ... Drugs Act 1971 and the power to search for stolen or prohibited ... Mere suspicion based on hunch or instinct might ... might reasonably lead the officer to suspect that stolen or ...
      (uk.legal)
    • Re: "Court curtails Met surveillance"
      ... >> I don't have a problem with 'being a suspect', ... A cloud of suspicion hangs over you. ... suspicions work to tarnish one's reputation. ... This is yet another example of Parliament passing well-intentioned laws which enable people to bend the rules, and do things the laws never intended them to do. ...
      (uk.legal)