Date sent: Fri, 13 Jul 2007 02:54:55 +0000 (GMT) From: Paul Ferguson <[EMAIL PROTECTED]>
> The hacker's focus has shifted too, from developing destructive payloads to
> circumventing detection. Now, for every tool forensic investigators have
> come to rely on to discover and prosecute electronic crimes, criminals have a
> corresponding tool to baffle the investigation.
>
> This is antiforensics. It is more than technology. It is an approach to
> criminal hacking that can be summed up like this: Make it hard for them to
> find you and impossible for them to prove they found you.

Sorry, can't get excited about it. I've seen it: it's been around forever. (It was a bit of a theme of my presentation to ISOI 2.)

The first "stealth" virus was Brain, in 1986. The first polymorphic virus was 1987. In 1991 the code used to turn off CPAV (and MSAV) was so prevalent that "the 14 bytes of code" was used as a kind of generic virus signature.

We dealt with it then, and we'll deal with it now. In fact, we eventually found that the extra code put into viruses for various forms of antidetection made for larger programs and more opportunities for glitches (as if there weren't enough in viruses anyway).

So let the blackhats knock themselves out with antiforensics. Makes the target bigger for us.
