Full Disclosure mailing list archives

Re: Setting the record straight on "The Return of Koobface"
From: J Roger <securityhocus () gmail com>
Date: Sun, 21 Mar 2010 08:18:37 -0700

You make valid points. Perhaps n3td3v was actually on to something for once
when he suggested embracing Twitter as a medium for consolidating and
distributing security related news. Not for long term storage etc. but
simple short FYI type messages. Feeds like the Infosec News mailing list
don't work since they only ever publish the big boys like Danchev. FD has
too many SNR issues, etc.

A twitter group with no personal comments, "Hey it was great seeing you @
the con!". Just pure, "Koobface is exploding right now. Is anyone else
paying attention to this? More information @ http://www..."

On Sat, Mar 20, 2010 at 1:14 PM, Mr. Hinky Dink <dink () mrhinkydink com> wrote:

Absolutely you are correct, but if you check the blog there are further
references up to last Friday.  It was a tremendous, jaw-dropping flood of
Kooberz proxies the last two weeks.  And it's still coming.

The point is us Little Guys are paying attention, too.  And sometimes we
catch this shit before the Big Boys like Dancho and Kaspersky wake up and
smell the coffee.  Since February I've been wondering Why The Hell I hadn't
heard anything in the ITsec press on this new resurgence.  Did they hold
back so Dancho could publish his "Ten Things You Didn't Know About The
Koobface Gang" article?  Or so Microsoft could gloat over "taking down" the
Wimpy Waledac botnet?  Is the Good News always published before the Bad
in the security industry press release cycle?

The fact remains, Koobface marches on and the security industry can't stop
it.  Period.  I will be among the first to jump up and down and yell "RA!"
when someone takes it down, but it ain't going to happen soon.  All I can
do is sit back and watch while the Big Boys get their headlines.

BTW, I don't consider myself "bitter".  I'm what you might call "tangy".

Thanks for your support,


----- Original Message -----
From: J Roger
To: full-disclosure () lists grok org uk
Sent: Saturday, March 20, 2010 3:28 PM
Subject: Re: [Full-disclosure] Setting the record straight on "The Return

This reads as "waaa i noticed this first and didn't think much of it but
that someone else is making a big deal, i want my credit". Maybe you
reported on it first on your blog, with a single sentence that wasn't even
the primary focus of the post. Regardless if an uprise in koobface is
significantly newsworthy or not, you apparently failed to draw enough
attention (or the right attention) to it at the time.

In other words, maybe you did it first, but someone else did it better.

What's more valuable to an enterprise, someone that quickly writes a risk
assessment that's so sloppy the management with authority to act on the
findings don't even bother to read it, or someone that takes the time to
write a report on the same findings that actually speaks to the business
be able to make positive changes happen.

You talk about being bitter towards the security industry (which IS
understandable) but maybe it's time to reflect back a little on yourself.
Maybe it's not ALL the industry's fault. Maybe the sources of your
bitterness have a little something to do with your inability to make enough
of the right things happen. Sure you're a "Big Time Security Professional",
but maybe your blog wasn't enough to get the word out. Maybe you felt it
wasn't even worth getting the word out or sounding any alarms. If that's the
case though, don't go back now and try to take credit.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
