Re: [iwar] Fast Forward: "seven deadly attributes" of a more dangerous worm


From: Kevin Manson
From: cybercop@mindspring.com
To: iwar@egroups.com

Fri, 12 May 2000 10:55:12 -0400


Cc: dsanders@tasc.com

From: Kevin Manson
To: iWar Listserv 

Very good points, Leo.

One area that has promise is getting away from the 'signature' 
hash-value method of identifying malicious code. Dave Sanders, 
who is with TASC/Litton, gave a very interesting presentation
at our Cybercop panel in Myrtle Beach several weeks ago about
protection against hostile code that operates at the functional
(or 'DNA' level) not the traditional method that is 'blinded' 
when a single bit is changed in mutating malicious code. Dave,
BTW, has been one of our instructors at the Federal Law 
Enforcement Training Center and developed the Army CERT BO
detection and removal tool within a week of Sir Dystic's release
of BO at Defcon . . .

Kevin Manson

----------------------------------------------------------------------
  

"Leo, Ross" wrote:
> 
> The mere fact that this list exists (meaning that someone thought it
> up) convinces me that our erstwhile adversaries are already working on
> this sort of pest.  As Anthony Hopkins said in a recent film "what 
> one man can do, another can do".  
> 
> Ross A. Leo
> 
> Ross A. Leo, CISSP, CBCP
> Director, Information Assurance & Security
> CSOC Houston
> Voice:  281.853.3516
> Fax:      281.853.3140
> 

> ----------------------------------------------------------------------


 
------------
* Sig *
Kevin Manson
------------
http://all.net/cybercop/Files/bio.htm
mailto:cybercop@mindspring.com
248.920.5231 Internet Fax (Insecure)
http://www.newhaven.edu/california
50 Ways to Protect Your Information Assets
http://all.net/journal/50/cybercop.html
------------------------------------------------------
"If You Can't Vet Your Code, At Least Vet The Coders"
------------------------------------------------------
Cybercop Crypto Cracking Consortium: 
"A spare CPU cycle is a terrible thing to waste."
------------------------------------------------------


------------------
http://all.net/