Re: [SC-L] User Education Tool?
On Thursday 04 March 2004 10:17 am, Andreas Saurwein wrote:

> On a somewhat abstract line of thinking, in regards to the latest
> virus outbreaks, one idea came up which might be even useful:
>
> I think that we all agree that the current outbreak of Netsky, Bagle
> and others is mainly because users still try to open everything they
> receive, no matter how weird it is.
>
> Now, doing something really flashy like creating a virus-like
> application as follows:
> * it is sent as zipped attachment
> * when opened, it brings a huge, clear message, that the user would
> now have been infected with a virus. A short, understandable message
> explaining why and how to avoid it would be appropriate.
> * it asks the user for permission to forward itself to the user's
> contacts, to help spreading the education.
>
> Would that still classify as virus? Or would that pass as something
> else? Would a measure like this be of any success? What other measure
> could reach the critical user groups?
>
> Probably this has been discussed on some lists already, but didn't
> find any references.

There is an ancient (well, in Internet time) command line tool that is useful in this situation . . .

To see the man page:

    man lart

If you don't have access to a *nix machine, see
http://www.geocities.com/urifrid/man-lart.html

Enjoy!

/g
--
George W. Capehart
Key fingerprint: 3145 104D 9579 26DA DBC7 CDD0 9AE1 8C9C DD70 34EA

"Does getiud(2) halt the spawning of child processes?"
-- Unknown from a very old fortune cookie file
Re: [SC-L] User Education Tool?
At 4/3/2004 18:16 Thursday, Dave Aronson wrote:

> Those of us who receive viri, or bounce-reports alleging that we sent one,
> are in the addressbooks of lusers who open viri. Don't subject us to more
> of this $#!^ than we already are.

At the moment I receive about 20-25 virus/bounces per day on my personal account, don't need to tell me..

> Either way (especially if the manual forwarding is done with the help of
> pulling up the contact list), you can bet some jackass will attach a
> malicious payload, probably triggered right *after* you spread it. So much
> for being able to treat it as innocent.

Right, that would probably happen. But in the end, it would still do its job :-?

> Find a way to substitute, for the whole mess, an arm coming out of the
> computer and bitchslapping the idiot silly while calling his attention to
> how incredibly stupid he has just been, and you've got something.

Where can I buy a license for that? :)
Re: [SC-L] User Education Tool?
On Thu March 4 2004 10:17, Andreas Saurwein wrote:

> Now, doing something really flashy like creating a virus-like
> application as follows:
> * it is sent as zipped attachment
> * when opened, it brings a huge, clear message, that the user would
> now have been infected with a virus. A short, understandable message
> explaining why and how to avoid it would be appropriate.
> * it asks the user for permission to forward itself to the user's
> contacts, to help spreading the education.
>
> Would that still classify as virus? Or would that pass as something
> else? Would a measure like this be of any success? What other
> measure could reach the critical user groups?

Those of us who receive viri, or bounce-reports alleging that we sent one, are in the addressbooks of lusers who open viri. Don't subject us to more of this $#!^ than we already are.

Remove the "may I spam your friends" aspect, asking them instead to manually forward it to any of their friends that they think could use the education, and it might be tolerable.

Either way (especially if the manual forwarding is done with the help of pulling up the contact list), you can bet some jackass will attach a malicious payload, probably triggered right *after* you spread it. So much for being able to treat it as innocent.

Find a way to substitute, for the whole mess, an arm coming out of the computer and bitchslapping the idiot silly while calling his attention to how incredibly stupid he has just been, and you've got something.

B-)

--
Dave Aronson, Senior Software Engineer, Secure Software Inc.
Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org
(Opinions above NOT those of securesw.com unless so stated!)
WE'RE HIRING developers, auditors, and VP of Prof. Services.
[SC-L] User Education Tool?
On a somewhat abstract line of thinking, in regards to the latest virus outbreaks, one idea came up which might be even useful:

I think that we all agree that the current outbreak of Netsky, Bagle and others is mainly because users still try to open everything they receive, no matter how weird it is.

Now, doing something really flashy like creating a virus-like application as follows:

* it is sent as zipped attachment
* when opened, it brings a huge, clear message, that the user would now have been infected with a virus. A short, understandable message explaining why and how to avoid it would be appropriate.
* it asks the user for permission to forward itself to the user's contacts, to help spreading the education.

Would that still classify as virus? Or would that pass as something else? Would a measure like this be of any success? What other measure could reach the critical user groups?

Probably this has been discussed on some lists already, but didn't find any references.

Cheers
Andreas
Re: [SC-L] Humor: Secure coding in the comics (Foxtrot)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yea, FoxTrot is good like that. I've caught a few jokes of this manner: there was one when Mac OS X came out where the boy (name?) sat in front of his Apple computer and the computer kept saying "I have UNIX underwire" or something, and the strip ended with the boy standing up and announcing he had UNIX underwear, and it said something like chmod 777 or something along those lines. My favorite, though, was when the boy was reprimanded by a teacher and had to write X many lines on the board and he just wrote for(i=0; i

> Those of us that are lucky (?) enough to get the FoxTrot comic strip
> (http://www.foxtrot.com) may have noticed that yesterday's and today's strips
> were discussing a software security topic. The author, Bill Amend, addresses
> the issue of the recent leak of some Microsoft source code. Check it out at:
>
> http://www.ucomics.com/foxtrot/2004/03/03/
> and
> http://www.ucomics.com/foxtrot/2004/03/04/
>
> ...well *I* thought it was funny. YMMV ;-)
>
> Cheers,
>
> Ken van Wyk
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)

iD8DBQFAR0CJsKAeTAhLiCERAgqhAJ4gz/CqDqtKNW+5YmWHO08Cjig0uQCfQYih
pHsZu24x3JAZPRZ6Ve/46BQ=
=kXT8
-----END PGP SIGNATURE-----
Re: [SC-L] Looking for good software security stats
At this site they have an Adobe PDF all about the below subject, if anyone is interested in reading:
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci952377,00.html?track=NL-102&ad=477590

[Ed. That would be the new Hoglund and McGraw book. Oh, and (free) registration is required for the above site. KRvW]

Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflow

Buffer Overflow 101

The buffer overflow remains the crown jewel of attacks, and it is likely to remain so for years to come. Part of this has to do with the common existence of vulnerabilities leading to buffer overflow. If holes are there, they will be exploited. Languages that have out-of-date memory management capability such as C and C++ make buffer overflows more common than they should be. As long as developers remain unaware of the security ramifications of using certain everyday library functions and system calls, the buffer overflow will remain commonplace.

Regards,
George
Greenarrow1
InNetInvestigations-Forensics

----- Original Message -----
From: "Kenneth R. van Wyk" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 03, 2004 12:17 PM
Subject: [SC-L] Looking for good software security stats

> Hi all,
>
> I'm looking for published reports on software vulnerabilities with regard
> to the software development process. With a bit of googling, I've found
> some good starting points (e.g., www.securitytracker.com/
> learn/securitytracker-stats-2002.pdf), that provide stats on
> vulnerabilities by type. I'm particularly interested in stats that provide
> insight into where in the software development process the vulnerabilities
> were introduced.
>
> Anyone have some good citations to share?
>
> Cheers,
>
> Ken van Wyk
> --
> KRvW Associates, LLC
> http://www.KRvW.com
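The excerpt above blames buffer overflows on "certain everyday library functions" used without regard to destination size. The following C program is an added example for this thread, not code from the book or from any list member: it uses a hypothetical fixed-size record (`struct record`, `NAME_LEN`, and the field names are all constructed for illustration) to show the unchecked `strcpy` pattern next to a bounded copy that checks the length, always terminates the field, and reports rejection instead of silently truncating.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout for the example: a fixed-size name field
 * followed by a flag. Nothing here comes from the excerpt or the book. */
#define NAME_LEN 16

struct record {
    char name[NAME_LEN];
    int  is_admin;   /* sits directly after name[]; a write past the end
                        of name[] would land on this field */
};

/* The everyday-library-function pattern the excerpt warns about:
 * strcpy copies until the source terminator and trusts the caller to have
 * sized the destination. Any src longer than NAME_LEN - 1 bytes writes past
 * name[]. main() only ever passes it a short, safe string. */
static void set_name_unchecked(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* Returns 1 when src plus its terminator fits in a dstsz-byte buffer. */
int name_fits(const char *src, size_t dstsz)
{
    return strlen(src) < dstsz;
}

/* Bounded version: length is checked before any byte is written, the field
 * is always NUL-terminated, and an oversize input is rejected with -1 so
 * the caller cannot silently proceed with truncated data. */
int set_name_bounded(struct record *r, const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_LEN)
        return -1;                   /* would not fit with the terminator */
    memcpy(r->name, src, n + 1);     /* n + 1 copies the terminator too */
    return 0;
}

/* Scenario exercised by the test: a constructed 40-byte name must be
 * rejected, the name field must stay empty, and the adjacent flag must be
 * untouched. Returns 1 on that outcome, 0 otherwise. */
int oversize_name_is_rejected(void)
{
    struct record r;
    char too_long[41];

    memset(&r, 0, sizeof r);
    memset(too_long, 'A', 40);       /* constructed input, far over NAME_LEN */
    too_long[40] = '\0';

    int rc = set_name_bounded(&r, too_long);
    return rc == -1 && r.name[0] == '\0' && r.is_admin == 0;
}

int main(void)
{
    struct record r;
    memset(&r, 0, sizeof r);

    /* Both functions behave identically on input that fits. */
    set_name_unchecked(&r, "alice");
    printf("short input: name=%s is_admin=%d\n", r.name, r.is_admin);

    printf("\"alice\" fits: %d\n", name_fits("alice", NAME_LEN));
    printf("oversize input rejected: %d\n", oversize_name_is_rejected());
    return 0;
}
```

The point of returning -1 rather than truncating is that a truncated-and-terminated copy (the `strncpy` habit) looks like success to the caller; making the rejection explicit keeps the size decision in one place and leaves the neighbouring `is_admin` field exactly as it was.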
[SC-L] Humor: Secure coding in the comics (Foxtrot)
Those of us that are lucky (?) enough to get the FoxTrot comic strip (http://www.foxtrot.com) may have noticed that yesterday's and today's strips were discussing a software security topic. The author, Bill Amend, addresses the issue of the recent leak of some Microsoft source code. Check it out at:

http://www.ucomics.com/foxtrot/2004/03/03/
and
http://www.ucomics.com/foxtrot/2004/03/04/

...well *I* thought it was funny. YMMV ;-)

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com