Comment Re:KNOW what "fastflux" is? (Score 1) 467

NO, by the time those blogs post a domain name, it is not being used anymore. The malware will generate another domain name based on the date/time, and you will not have that domain name in your blacklist.

See subject: I'm protected if an entry's blocked in hosts, period. Yes, I have any DGA generated hostnames. I get them from my sources in the security community I noted.

Do you understand what words mean? I've walked you through it, but you still don't understand the difference between DGAs and Fast Flux. I even gave you a link to an opendns blog that explains what DGAs are. I guess you will never get it.

LMAO - listen you little ARROGANT NOBODY: Has your work EVER been a FINALIST @ Microsoft TechEd, 2 yrs. in a ROW, in its HARDEST CATEGORY? Mine has. It also went into commercially sold ware to this day because of it. * How about you? You pick on my shareware here, where's YOURS that does a BETTER JOB?? It's not. APK P.S.=> Unbelievable - I've been writing code professionally AND SECURING PC's before you were out of diapers I'd strongly wager!

Uh, no, you have never written any commercially sold code.

I've developed security products for actual security companies, and work as a security engineer. Where do you "work," your mom's basement?

Arrogant and stupid are a bad combination.

Comment Re:I still get them added as blocked (Score 1) 467

* See Gar Warner's blog (has many DGA botnets' C&C + payload servers listed). Thus - I don't *HAVE* to predict them in hosts: I simply block them as they are added. If they last longer than 1 second, I get them added as blocked by 12 reputable sources in the security community OR from security blog articles (like Mr. Warner I mentioned). It works simply because DGA uses hostnames.

NO, by the time those blogs post a domain name, it is not being used anymore. The malware will generate another domain name based on the date/time, and you will not have that domain name in your blacklist.

You still don't get it, so I guess I'm giving up. This is like explaining Calculus to a housecat.

P.S.=> No matter what you say, as long as I get entries for ANY KIND of threat online as blocked entered in hosts (and I do by the truckloads every hour here due to my program being automated to pickup that data), they cannot harm me.

This is not true! Malware has so many ways it can circumvent a hosts file. A hosts file is great for blocking ad domains, but it does NOT provide strong security.

Here are just some of the ways malware can completely bypass your hosts file:

  • It can hardcode a C&C IP address, like the Sony Pictures malware did
  • It can hardcode IP addresses for a peer-to-peer network, like the new Zeus variants do
  • It can just send the UDP port 53 packets to resolve DNS itself, bypassing the system calls that would check the hosts file
  • It can disable checking of the hosts file
  • I could keep going. There are a LOT of ways to bypass the OS hosts file.

Comment Re:You fail again... apk (Score 1) 467

The odds of me hitting a domain that lasts 1 second? Near zero.

Nobody said DGAs use domains that last 1 second. I said 1 hour. Some malware might use domains that last 24 hours. But, the point is that the domain name calculated by the malware changes faster than you can update your blacklist.

Again, clue: Hosts block a domain name, no matter what, I can't be harmed by it

I say again, by the time you know the domain name, it is no longer being used. Your hosts file program does not magically predict domain names.

Comment Re:Bouldin: "Eat your words"... apk (Score 1) 467

Do you understand how DGAs work?

The malware hits an ephemeral domain and then the bot herders throw that domain away. The domain may only exist for an hour.

That is the whole point of domain-generating algorithms. They defeat blacklists. That is the whole point.

Also, you dodged my point about hardcoded IPs, which is just one technique malware can use to circumvent host files.
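The two claims made in these replies, that a DGA domain is already stale by the time a blacklist learns of it and that malware can send its own DNS queries and skip the hosts file entirely, can both be checked against DNS query logs rather than argued about. The following is an added example, not code from any commenter or from the hosts-file program under discussion; the log lines, the blocklist entry and the "sanctioned resolver" address are constructed, and the DGA heuristic (entropy plus vowel and digit ratios on the label left of the TLD) is an illustration, not a production classifier.

```python
import math
from collections import Counter
# Constructed: a hosts-style blocklist built from yesterday's published DGA domains
HOSTS_BLOCKLIST = """\
0.0.0.0 xk3qpz9wmd.example
"""
# Constructed: today's DNS query log (timestamp client resolver qtype qname)
DNS_LOG = """\
2015-01-08T09:00:01 10.0.0.5 10.0.0.1 A www.wikipedia.org
2015-01-08T09:00:02 10.0.0.5 10.0.0.1 A q7f2zp0xkn1d.example
2015-01-08T09:00:03 10.0.0.5 198.51.100.9 A mail.google.com
2015-01-08T09:00:04 10.0.0.5 10.0.0.1 A slashdot.org
"""
SANCTIONED_RESOLVERS = {"10.0.0.1"}  # assumed: the only resolver clients should be using

def load_hosts_blocklist(text):
    """Hostnames a hosts file maps to 0.0.0.0 or 127.0.0.1, i.e. the blacklist."""
    blocked = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(p.lower() for p in parts[1:])
    return blocked

def shannon_entropy(s):
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def is_dga_like(qname):
    """Heuristic: label left of the TLD is long, high-entropy and vowel-poor or digit-heavy."""
    labels = qname.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]  # no public-suffix list here
    if len(label) < 10:
        return False
    vowels = sum(ch in "aeiou" for ch in label) / len(label)
    digits = sum(ch.isdigit() for ch in label) / len(label)
    return shannon_entropy(label) > 3.3 and (vowels < 0.25 or digits > 0.2)

def analyse(log_text, blocklist, sanctioned):
    """Map qname -> reasons a hosts-file blacklist would not have stopped that lookup."""
    findings = {}
    for line in log_text.splitlines():
        _ts, _client, resolver, _qtype, qname = line.lower().split()
        notes = []
        if resolver not in sanctioned:  # DNS sent straight to another resolver skips the hosts file
            notes.append("unsanctioned-resolver")
        if qname not in blocklist and is_dga_like(qname):  # generated today, listed nowhere yet
            notes.append("dga-like-unlisted")
        if notes:
            findings[qname] = notes
    return findings
```

Yesterday's listed domain never shows up in today's log, while today's generated name is not on the list, which is the staleness problem in one run; the query to an outside resolver is the hosts-file bypass the list above describes.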

Comment Re:Too many words? Come on, lol! (Score 1) 467

That article doesn't even mention hosts files or your program.

Don't try to bullshit me. You and I both know you have never had any commercial success. You are a pest who spams your crap "hosts file manager" all over the forums here.

Your hosts file approach doesn't even address hardcoded IPs or domain-generating algorithms. Start working on another approach or shut the fuck up.

Comment Re:Posting ac restricts me (Score 1) 467

I think part of FuturePower's point is that you have too many words, so it isn't clear what you are trying to communicate. Your whole paragraph about Howard Stark is confusing and irrelevant.

Not trying to criticize - trying to help

I find it's best to pick maybe 3 points and stick to those. One key point should be WHAT you are offering. Is it a hosts file for whitelisting? A hosts file for blacklisting? A software program that intercepts DNS requests? How do you choose good domain names? I honestly can't tell.

Comment Re:Absolutely fair.. (Score 1) 114

Here in America, we don't even audit our damn voting machines.

Unmodified, general purpose COTS non-voting software (e.g., operating systems, programming language compilers, data base management systems, and Web browsers) is not subject to the detailed examinations specified in this section. However, the accredited test lab shall examine such software to confirm the specific version of software being used against the design specification to confirm that the software has not been modified. Portions of COTS software that have been modified by the vendor in any manner are subject to review.

The parts of the standard that actually cover auditing the voting code aren't exactly thorough, either. After all, democracy, schmemocracy!

Comment Re:What does Coburn know about infosec? (Score 1) 68

I read the infosec part. The report criticizes DHS for concentrating on vulnerability management and using signature-based detection, which it suggests is not worthwhile because of zero-day vulnerabilities. It criticized the DHS for not following best practices itself.

That criticism is fair, but also applies to almost all infosec efforts, both in the public and private sector.

The only suggestion offered by the report was to cite a "cybersecurity expert" who says we should focus on deterrence. The report did not explain what deterrence means in this context. What are they suggesting? We hang malware to death to set an example? We sanction North Korea every time we think maybe they sponsored an attack that we traced back to China? The metaphor to warfare does not hold, and that failure is lost on the author[s] of the report. They don't get it.

Comment What does Coburn know about infosec? (Score 2) 68

Why does anybody care what a 66-year-old doctor from Wyoming thinks about information security?

The report criticizes the DHS as ineffective at "cybersecurity" because of... zero days or something.

It's clear that neither Coburn, nor the author of the report, understands infosec or how it is different from kinetic war. You can't amass troops or use force. It's very difficult to even know who attacked you.

You can do something like building defensive lines, but that's exactly what the report criticizes.
