Hi there,
I agree with Holloway here, and raise a very specific point. If the
poster's fear is with a new language bringing additional polymorphism to
malware, I would say there are *far* easier ways to permute a binary and
thus make it resistant to either reversing or signature based detection.
On Thu, Aug 25, 2022 at 7:54 AM Amnon wrote:
> Apparently Go is an "unconventional language". So Languages are divided
> into "conventional" and "unconventional"
> languages.
Any language split like this often fails to capture the essence of
different language designs. We should use precision
On Thursday, August 25, 2022 at 4:58:18 PM UTC+8 Gopher-Insane wrote:
> Thank you kortschak, yes that was all I was doing. Seeking advice from
> people who have better knowledge than me in this area. Again, very grateful
> for everyone's help.
>
> On Thursday, 25 August 2022 at 09:54:13 UTC+1
Thank you kortschak, yes that was all I was doing. Seeking advice from
people who have better knowledge than me in this area. Again, very grateful
for everyone's help.
On Thursday, 25 August 2022 at 09:54:13 UTC+1 kortschak wrote:
> On Thu, 2022-08-25 at 01:47 -0700, Holloway Kean Ho wrote:
>
On Thu, 2022-08-25 at 01:47 -0700, Holloway Kean Ho wrote:
> What exactly you're trying to achieve by taking a very elaborated,
> crystal-clear, good-willed security-related article way out of its
> context with your thread title here and agitate some of the Go
> maintainers here?
I don't think
Hi,
I be very blunt here:
1. What exactly you're trying to achieve by taking a very elaborated,
crystal-clear, good-willed security-related article way out of its context
with your thread title here and agitate some of the Go maintainers here?
Why I'm asking:
- AFAIK, behavior
On Tue, Aug 23, 2022 at 2:23 PM Robert Engels wrote:
>
> Doesn’t a different structure as per the Go FAQ imply a specialized loader
> /runtime linker? I just assumed it did.
Go has a different program linker that generates the statically linked
executable, but a statically linked executable
Should a knife maker be held liable and required to 'fix' their knives when
their knives are used in criminal acts? If the knives are made specifically
with the sole purpose of breaking the laws, then yes, the knife maker
should be held liable. If the knives are general purpose tools, then no,
Doesn’t a different structure as per the Go FAQ imply a specialized loader
/runtime linker? I just assumed it did.
> On Aug 23, 2022, at 1:47 PM, Ian Lance Taylor wrote:
>
> On Tue, Aug 23, 2022 at 9:29 AM Robert Engels wrote:
>>
>> I did not read the analysis - just the thread here and
On Tuesday, August 23, 2022 at 8:47:11 PM UTC+2 Ian Lance Taylor wrote:
> On Tue, Aug 23, 2022 at 9:29 AM Robert Engels
> wrote:
> >
> > I did not read the analysis - just the thread here and earlier threads
> on this subject. My understanding that even though Go is statically linked
>
On Tue, Aug 23, 2022 at 9:29 AM Robert Engels wrote:
>
> I did not read the analysis - just the thread here and earlier threads on
> this subject. My understanding that even though Go is statically linked the
> loader does relocations that confuse virus scanners.
I'm not sure precisely what
Sent: Tuesday, August 23, 2022, 09:49
To: Brian Candler
Cc: golang-nuts
Subject: Re: [go-nuts] Is Go a security malware risk?
I think what is being suggested that if the sec team bans all applications that
exhibit dynamic code loading behavior they’d be safer - which would catch a lot
o
Doesn't this article in fact argue that it is the *security teams* that have to
get smarter about what kind of threads they will be faced with and figure out
how to deal with them?
> On Aug 22, 2022, at 6:15 AM, 'Gopher-Insane' via golang-nuts
> wrote:
>
> Hi
>
> So our security team has
I did not read the analysis - just the thread here and earlier threads on this
subject. My understanding that even though Go is statically linked the loader
does relocations that confuse virus scanners.
> On Aug 23, 2022, at 11:05 AM, Brian Candler wrote:
>
>
>> On Tuesday, 23 August 2022
On Tuesday, 23 August 2022 at 16:49:57 UTC+1 ren...@ix.netcom.com wrote:
> I think what is being suggested that if the sec team bans all applications
> that exhibit dynamic code loading behavior they’d be safer - which would
> catch a lot of apps in the net.
>
But the article quoted makes the
On Tue, Aug 23, 2022 at 4:31 PM 'Gopher-Insane' via golang-nuts <
golang-nuts@googlegroups.com> wrote:
> The issue is not a vulnerability in the language itself but the use of
> that language to embed malware so AV signatures do not detect it. The
> feeling is that our InfoSec will be wanting to
I think what is being suggested that if the sec team bans all applications that
exhibit dynamic code loading behavior they’d be safer - which would catch a lot
of apps in the net.
> On Aug 23, 2022, at 10:44 AM, Brian Candler wrote:
>
>
>> On Tuesday, 23 August 2022 at 15:30:49 UTC+1
On Tuesday, 23 August 2022 at 15:30:49 UTC+1 Gopher-Insane wrote:
> The issue is not a vulnerability in the language itself but the use of
> that language to embed malware so AV signatures do not detect it. The
> feeling is that our InfoSec will be wanting to restrict obscure languages
> (Go,
The issue is not a vulnerability in the language itself but the use of that
language to embed malware so AV signatures do not detect it. The feeling is
that our InfoSec will be wanting to restrict obscure languages (Go, Rust
etc...).
On Tuesday, 23 August 2022 at 15:22:39 UTC+1
On Tue, Aug 23, 2022 at 2:58 PM 'Gopher-Insane' via golang-nuts <
golang-nuts@googlegroups.com> wrote:
> They are suggesting that Go is being more widely used than others, making
> it more of a risk.
>
>
Is their position "we shouldn't write Go in our organization, because it's
being used by
On Tue, Aug 23, 2022, 5:58 AM 'Gopher-Insane' via golang-nuts <
golang-nuts@googlegroups.com> wrote:
> They are suggesting that Go is being more widely used than others,
Could be true.
making it more of a risk.
>
I don't see how this follows. What is the risk? It's not a risk to any
They are suggesting that Go is being more widely used than others, making
it more of a risk.
On Tuesday, 23 August 2022 at 13:15:06 UTC+1 jesper.lou...@gmail.com wrote:
> On Mon, Aug 22, 2022 at 3:30 PM 'Gopher-Insane' via golang-nuts <
> golan...@googlegroups.com> wrote:
>
>> Hi
>>
>> So our
On Mon, Aug 22, 2022 at 3:30 PM 'Gopher-Insane' via golang-nuts <
golang-nuts@googlegroups.com> wrote:
> Hi
>
> So our security team has raised a concern with Go and malware. The link
> that was sent to me was
>
On Mon, 2022-08-22 at 06:15 -0700, 'Gopher-Insane' via golang-nuts
wrote:
> Hi
>
> So our security team has raised a concern with Go and malware. The
> link that was sent to me
> was https://securityboulevard.com/2021/09/behavior-based-detection-ca
> n-stop-exotic-malware/.
> I reached out to
I think the concern is in using the language to wrap malware that would
otherwise be detected. So not the outcome of the malware but the hiding of
it.
On Monday, 22 August 2022 at 14:47:55 UTC+1 Thomas Bushnell, BSG wrote:
> This is not a problem that arises from *you *using Go; it's a problem
Great responses, thank you. That has helped.
On Monday, 22 August 2022 at 14:47:55 UTC+1 Thomas Bushnell, BSG wrote:
> This is not a problem that arises from *you *using Go; it's a problem
> arising from the fact that *other *people are using Go to write malware,
> and bad security techniques
This is not a problem that arises from *you *using Go; it's a problem
arising from the fact that *other *people are using Go to write malware,
and bad security techniques are unable to deal with it.
You could stop using Go entirely and it wouldn't change the dynamic. The
better course is not to
On Mon, Aug 22, 2022 at 3:31 PM 'Gopher-Insane' via golang-nuts <
golang-nuts@googlegroups.com> wrote:
> So our security team has raised a concern with Go and malware. The link
> that was sent to me was
> https://securityboulevard.com/2021/09/behavior-based-detection-can-stop-exotic-malware/
> .
Hi
So our security team has raised a concern with Go and malware. The link
that was sent to me was
https://securityboulevard.com/2021/09/behavior-based-detection-can-stop-exotic-malware/
.
I reached out to Bill Kennedy on Twitter who disagreed that Go was a
problem. Said it was worth posting
29 matches
Mail list logo