Thursday, September 15, 2011

Free energy. Conspiracy of fools. Welcome to the dungeon!

As I promised before, I have translated several posts from my Russian blog, hence the oddity of the title.

pr0mix has posted the news everywhere on forums and blogs, but I nonetheless would like to remind everyone out there that the third issue of the EOF magazine is out. Well, as you of all people know, drama and the scene need one another: izee was so upset about another magazine that he attacked hh86, rgb and SPTH, and was so angry that he "forgot" to write the editorial and make the layout for his own magazine. It seems that fAMINE is with him on that, and no one will see an updated Tristram.

There is my article («Advanced EPO: Deeper, longer and harder (Part 1)») about using debugging to find an optimal place for the EPO. I am still thinking about Part 2, on using static analysis for the same goal. I was also interested in the works presented by F0g and pr0mix. I hope that EOF will gladden us for many, many years.


Stuxnet is boring!

These days the fresh VirusBulletin is leaking regularly. Apart from "our captive fan" Peter Ferrie, there are more curious things in the magazine. John Aycock's article «Stux in a rut: Why Stuxnet is boring» made my day. Someone ought to have said this before: Stuxnet is boring. The same could be said about other overhyped malware. Surely, these are professional projects, and yes, they consist of many parts, yet I can't see any transformation of quantity into quality. We have seen all of this before.

Aycock then listed three conditions of a break-through technology:

  1. Do defences have to be changed in a substantial way to respond to the threat?
  2. Does the threat constitute a major shift in motivation for the adversary?
  3. Is the adversary using a new business model?

Spiral of silence

From this point of view polymorphism and macro viruses are pivotal inventions, while the Morris worm and metamorphism aren't. Finally, the quote which drew my attention: "‘Good’ defences are the ones that keep adversaries in a sweet spot, where the adversary succeeds enough to be satisfied but doesn’t fail enough to evolve. It’s a strange notion, that losing the security game once in a while might be necessary to strike a healthy balance overall." I thought that the same could be applied to AV vendors as well, and to an even greater degree. A weird spiral of silence comes out of it: both "white" and "black" hats prefer to make short-term investments in things like optimization of the engines, automatic signature extraction, and rewriting packers and cryptors. We have hundreds of jerks rooting semi-automatically for signatures on one side, and the same jerks semi-automatically cleaning the detections out on the other. Cash flows; so far, so good.

But I hope that amateurs, academics and other comrades who aren't bound by the IT Sec market's money will ruin this idyll down to the fucking bottom.


Authors of Brain virus - Farooq brothers

While I was reading Kurt Wismer's blog I found the video about the Brain authors. Those who don't follow the VX Heavens RSS might be interested in Greg Benford's story in the CACM about how he wrote one of the first worms in Fortran. And finally, Morgot restored the rootkits.su website and moved his fasm.su project to my host. Those of you who like batch, say "Hi, cOrRuPt G3n3t!x".

Phew! It seems that's all.
