Gadi Evron
Sat, 23 Dec 2006 10:41:49 -0800
To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- On Sat, 23 Dec 2006, Gadi Evron wrote: > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > ---------- > In this post ( http://www.phenoelit.net/lablog/Irresponsible.sl ), FX > describes a drop zone for a phishing/banking trojan horse, and how he > got to it. > > Go FX. I will refrain from commenting on the report he describes from > secure works, which I guess is a comment on its own. Secure Science, typo on my end. > > We had the same thing happen twice before in 2006 (that is worth > mentioning or can be, in public). > > Once with a very large "security intelligence" company giving drop zone > data in a marketing attempt to get more bank clients ("hey buddy, why are > 400 banks surfing to our drop zone?!?!) > > Twice with a guy at defcon showing a live drop zone, and the data > analysis for it, asking for it to be taken down (it wasn't until a week > later during the same lecture at the first ISOI workshop hosted by > Cisco). For this guy's defense though, he was sharing information. In a > time where nearly no one was aware of drop zones even though they have > been happening for years, he shared data which was valuable commercially, > openly, and allowed others to clue up on the threats. > > Did anyone ever consider this is an intelligence source, and take down > not being exactly the smartest move? > > It's enough that the good guys all fight over the same information, and > even the most experienced security professionals make mistakes that cost > in millions of USD daily, but publishing drop zone IPs publicly? That can > only result in a lost intelligence source and the next one being, say, > not so available. > > I believe in public information and the harm of over-secrecy, I am however > a very strong believer that some things are secrets for a reason. What > can we expect though, when the security industry is 3 years behind and we > in the industry are all a bunch of self-taught amateurs having fun with > our latest discoveries. > > At least we have responsible folks like FX around to take care of things > when others screw up. > > I got tired of being the bad guy calling "the king is naked", at least in > this case we can blame FX. :) > > It's an intelligence war people, and it is high time we got our act > together. > > I will raise this subject at the next ISOI workshop hosted by Microsoft > ( http://isotf.org/isoi2.html ) and see what bright ideas we come up with. > > Gadi. > > _______________________________________________ > To report a botnet PRIVATELY please email: [EMAIL PROTECTED] > All list and server information are public and available to law enforcement > upon request. > http://www.whitestar.linuxbox.org/mailman/listinfo/botnets > _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets