I tend to use hxxp[s]:// -and- some random spaces. Substituting for the xx's
and stripping the spaces isn't usually going to be a problem for scripting.
--
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET LLC
I think it's better to add some SPACEes in the URL, kind of
freedom and
heads will roll.
blacklists have never been a solution! Censorship is just Censorship.
foot.
From: Dan Drinnon [EMAIL PROTECTED]
To: 'Chris Lee' [EMAIL PROTECTED], botnets@whitestar.linuxbox.org
Date: 08/29/08 2:03 AM
Subject:Re: [botnets] URL formats
Hello Everyone
May I remind everybody that the purpose of this list is to share
information. What you do with this information is up to you (more or less).
If you use it as a blacklist: fine, I hope you know what you are doing...
On Fri, Aug 29, 2008 at 10:09 AM, [EMAIL PROTECTED] wrote:
Tell me how this
-
From: freed0 [mailto:[EMAIL PROTECTED]
Sent: 29 August 2008 17:52
To: [EMAIL PROTECTED]
Cc: botnets@whitestar.linuxbox.org
Subject: Re: [botnets] [URL formats]
Spaces suck because they are never in the same place and then
you cannot really easily automate the import process
Spaces suck because they are never in the same place and then you cannot
really easily automate the import process into whatever system you may
have that would work on it. I think that the hxxp[x] solution is an
easy and fine one that it easy for everyone to use.
Using any other type of
Censorship.
foot.
From: Dan Drinnon [EMAIL PROTECTED]
To: 'Chris Lee' [EMAIL PROTECTED],
botnets@whitestar.linuxbox.org
Date: 08/29/08 2:03 AM
Subject:Re: [botnets] URL formats
Hello Everyone!
First, my apologies for not doing my Lurk Time here - I only started
heh I think this is a discussion that's been had many times. A lot of people
use and I am in favor of obfuscating http links with:
hxxp://urlformat
then for any URLs that have sensitive info that you want to still post use
removed, example:
On Thu, 28 Aug 2008, Michael Collins wrote:
It would be enormously helpful.
Personal bias: I do a lot of data analysis on stuff collected by a bunch of
groups, and my biggest headaches are always normalization and how did you
figure this out, so if we had a standard, that would make my life,
Are you asking about a standardized reporting format pertaining to all the
information you have obtained and wish to share?
fiberOptiC
Rizon IRC network
On Thu, Aug 28, 2008 at 3:14 PM, Gadi Evron [EMAIL PROTECTED] wrote:
On Thu, 28 Aug 2008, Michael Collins wrote:
It would be enormously
On Thu, 28 Aug 2008, fiberOptiC wrote:
Are you asking about a standardized reporting format pertaining to all the
information you have obtained and wish to share?
The suggestion was about URLs.
For now, people.. just share.
On Thu, Aug 28, 2008 at 3:14 PM, Gadi Evron [EMAIL PROTECTED]
hxxp seems to be advantageous for a few reasons:
1. you can still cut and paste the url
2. the protocol handlers won't load it up if you accidently click
on it
3. you can add a protocol handler for hxxp for whatever you want
4. easier to recognize domains and patterns (rather than rotted
I think it's better to add some SPACEes in the URL, kind of break it, since
Gmail will convert it to clickable URL if only substitute http to hxxp.
On Fri, Aug 29, 2008 at 9:28 AM, [EMAIL PROTECTED] wrote:
I also concur. Also can we please set default reply to be the mailing list?
Or is that a
12 matches
Mail list logo
