[LUG] Strange permissions and sound issues. A coincidence?

[Migel Wimtore <migel_wimtore@xxxxxxx>]

Hello. Well, my name is Michael (Mike, whatever) and I live in the Exeter area. I have been lurking on this list for a couple of months now and chimed in the other day, on the Time To Upgrade thread. 

I must say it has been very interesting to follow the recent security thread. Thanks Martijn, bad apple, and others. 

Seen as that thread seemed to generate allot of interest, I thought I would mention the Tech Snap podcast. It should make an informative listen to anyone interested in contemporary computer related security issues. The second host, Alan, is very knowledgeable about all the topics the show covers. The other presenter's, Chris's, antics will be familiar to listeners of other Jupiter broadcasting shows (eg, The Linux Action Show) . 

It is a lighthearted but very informative show. I believe both noobs and those more knowledgeable will get allot from this weekly podcast (find it on Google and throw the rss into gpodder). 

I hope plugs are ok (I am in no way affiliated, etc). 

Cheers to all. 

Mike.

Martijn Grooten <sweetwatergeek@xxxxxxxxx> wrote:

On Sat, Nov 3, 2012 at 8:57 PM, Simon Avery wrote:
Whilst checking, I also found this, shame it's a little tenuous;
http://anti-virus-rants.blogspot.co.uk/2011/02/ethical-conflict-in-anti-malware-domain.html

Hmm. That's a very complicated case. I know people who have worked
together with the US Government to fight malware and at the same time
analysed (and thus effectively dismantled) malware written by that
same government. HBGary is a government contractor, not the government
itself, but it's an equally grey area. Perhaps even more so, because
HBGary went after some bad guys -- hacktivists -- which could
justify
co-operating with an AV company, but they possibly did so by writing
malware itself.

I'm not saying McAfee did the right thing by working with HBGary, but
accusing them of being "in bed with malware writers" goes a little too
far.

For a long time, the AV industry saw the "virus-world" as black and
white: you either wrote viruses or you fought them. And if you were
once part of the former group, you would never become part of the
latter. I once had someone at an AV company proudly tell me how he'd
turned down an otherwise ideal candidate after the latter had
sheepishly admitted to once having written a virus when he was 15. (I
think the main reason behind this attitude was a fear of the common
accusation that AV companies wrote the viruses themselves becoming
more widespread.)

Most people have changed their attitudes now. (But not everyone, as
that blog post shows.) Things like
penetration testing and ethical
hacking, while technically "bad things" are well-appreciated by most
security experts.

I believe AV companies would have paid for an
advantage over over competitors in a saturated market that has existed for,
what, over 25 years?

You'd be surprised at how much technical information is shared among
AV researchers. If one finds a sample it is quickly shared with
researchers working for competitors. It has been argued that this has
made the AV industry saturated in practise, as without these
connections, you won't be able to get hold of malware samples quick
enough. Not sharing things, or even not sharing things fast enough, is
seriously frowned upon, and has the potential of samples not being
shared with you. Hence there is no incentive to pay malware
writers.
(Putting aside the question of how much of an advantage this would
give you.)

(Sorry, this must be pretty boring for those who don't care very much
about computer security.)

Martijn.

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq