What is a way to discuss Security???


Forum's Rules forbid posting malware techniques. But how to fight those issues w/o Education & Sharing???? I'm totally confused...


Huh? This is what the forum rules say...

Quote

Do not post links to exploits, malware, or websites that produce undesired effects to our members.
This includes browser crashes, multiple pop-up screens, DOS attacks, or similar results. Links will be removed, threads closed, and members will be warned or suspended.

How does posting links that serve up malware, exploits, or crash my browser protect me or further my education? LOL

If you want to discuss how malware is designed/created there are much better dedicated forums for that.


On 06/06/2024 at 08:44, Good Bot, Bad Bot said:

Huh? This is what the forum rules say...

How does posting links that serve up malware, exploits, or crash my browser protect me or further my education? LOL

If you want to discuss how malware is designed/created there are much better dedicated forums for that.

Posting discussions of malware that include links also puts our website in legal jeopardy, hence it is not permitted.


On 06/06/2024 at 15:44, Good Bot, Bad Bot said:

Huh? This is what the forum rules say...

How does posting links that serve up malware, exploits, or crash my browser protect me or further my education? LOL

If you want to discuss how malware is designed/created there are much better dedicated forums for that.

Actually, it's not a weaponized exploit - I did it not to harm your or anyone else's security ==>> I have just pinpointed the problem & the 2nd stage is to discuss how to mitigate that threat.


On 06/06/2024 at 14:50, SarK0Y said:

Actually, it's not a weaponized exploit - I did it not to harm your or anyone else's security ==>> I have just pinpointed the problem & the 2nd stage is to discuss how to mitigate that threat.

The hosting of the DISCUSSION can put the site into legally contentious grounds!


On 06/06/2024 at 16:52, Dick Montage said:

The hosting of the DISCUSSION can put the site into legally contentious grounds!

So, there is no way to discuss that topic... Well then, the question is closed. :)

On 06/06/2024 at 04:23, SarK0Y said:

Forum's Rules forbid posting malware techniques. But how to fight those issues w/o Education & Sharing???? I'm totally confused...

Hello,

As someone whose day job is literally* to educate and share information about malicious software, I would say that explaining how the malware works, and sharing information about how to prevent, detect and remediate it, is far more valuable than the sharing of samples of said malware.

Regards,

Aryeh Goretsky
 


*I just had my semi-annual review about a week and a half ago, and education and sharing figured prominently in it. Without getting into numbers, management was very happy with my work during the covered timeframe.


On 07/06/2024 at 06:18, goretsky said:

Hello,

As someone whose day job is literally* to educate and share information about malicious software, I would say that explaining how the malware works, and sharing information about how to prevent, detect and remediate it, is far more valuable than the sharing of samples of said malware.

Regards,

Aryeh Goretsky
 


*I just had my semi-annual review about a week and a half ago, and education and sharing figured prominently in it. Without getting into numbers, management was very happy with my work during the covered timeframe.

Frankly, I just follow the simple principle ==>> a PoC is needed. The 1st PoC is rather harmless: it uses aliases of fish/bash to hijack sudo, then prints a silly prompt (a partial solution is making ~/.fishrc & ~/.bashrc read-only). The 2nd PoC I made is dedicated to just well-prepared Researchers, because it can really harm a computer w/ overheating + mechanical damage for hdds is possible too.. Modern operating systems must seriously rethink the way of syscalls. However, the most simple solution is downclocking hw, good-ol' bare metal is not that fragile. :)
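
A defensive check for the first issue described in the post above, as an added example that is not part of the original post: it flags shell startup files that define an alias or function named `sudo` and reports whether each file is still writable by the current user. The function names and the pattern set are assumptions made for this illustration and do not cover every way a shell can redefine a command.

```shell
# Added example: flag shell startup files that redefine `sudo`.
# The pattern set is an assumption covering common bash/fish syntax:
#   alias sudo=...   alias sudo '...'   function sudo   sudo() { ...
SUDO_SHADOW_RE='^[[:space:]]*(alias[[:space:]]+sudo([[:space:]=]|$)|function[[:space:]]+sudo([[:space:]({]|$)|sudo[[:space:]]*\(\))'

# Echo the number of lines in file $1 that define an alias or function
# named sudo. Unreadable or missing files count as 0.
count_sudo_shadow() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cE "$SUDO_SHADOW_RE" "$1" || true
}

# Audit every file given as an argument. Prints one SHADOW line per
# offending definition and one WRITABLE line per file the current user
# can still modify. Returns 1 if any file shadows sudo, otherwise 0.
audit_rc() {
    rc_status=0
    for rc_file in "$@"; do
        [ -r "$rc_file" ] || continue
        if [ "$(count_sudo_shadow "$rc_file")" -gt 0 ]; then
            rc_status=1
            grep -nE "$SUDO_SHADOW_RE" "$rc_file" |
                while IFS= read -r hit; do
                    printf 'SHADOW %s:%s\n' "$rc_file" "$hit"
                done
        fi
        if [ -w "$rc_file" ]; then
            printf 'WRITABLE %s\n' "$rc_file"
        fi
    done
    return "$rc_status"
}
```

Run it as `audit_rc ~/.bashrc ~/.config/fish/config.fish` (the second path is fish's default configuration file), adding any other startup files your shells read. A read-only file owned by the same user can be made writable again by that user, which is why the post calls the measure partial.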


On 08/06/2024 at 05:33, SarK0Y said:

Frankly, I just follow the simple principle ==>> a PoC is needed. The 1st PoC is rather harmless: it uses aliases of fish/bash to hijack sudo, then prints a silly prompt (a partial solution is making ~/.fishrc & ~/.bashrc read-only). The 2nd PoC I made is dedicated to just well-prepared Researchers, because it can really harm a computer w/ overheating + mechanical damage for hdds is possible too.. Modern operating systems must seriously rethink the way of syscalls. However, the most simple solution is downclocking hw, good-ol' bare metal is not that fragile. :)

Common sense says that this is not a place for linking to and using POC exploits to discuss security. 
