Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: Re:KNOW what "fastflux" is? (Score 1) 467

by bouldin (#48901031) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

NO, by the time those blogs post a domain name, it is not being used anymore. The malware will generate another domain name based on the date/time, and you will not have that domain name in your blacklist.

See subject: I'm protected if an entry's blocked in hosts, period. Yes, I have any DGA generated hostnames. I get them from my sources in the security community I noted.

Do you understand what words mean? I've walked you through it, but you still don't understand the difference between DGAs and Fast Flux. I even gave you a link to an opendns blog that explains what DGAs are. I guess you will never get it.

LMAO - listen you little ARROGANT NOBODY: Has your work EVER been a FINALIST @ Microsoft TechEd, 2 yrs. in a ROW, in its HARDEST CATEGORY? Mine has. It also went into commercially sold ware to this day because of it. * How about you? You pick on my shareware here, where's YOURS that does a BETTER JOB?? It's not. APK P.S.=> Unbelievable - I've been writing code professionally AND SECURING PC's before you were out of diapers I'd strongly wager!

Uh, no, you have never written any commercially sold code.

I've developed security products for actual security companies, and work as a security engineer. Where do you "work," your mom's basement?

Arrogant and stupid are a bad combination.

Comment: Re:I still get them added as blocked (Score 1) 467

by bouldin (#48898125) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

* See Gar Warner's blog (has many DGA botnets' C&C + payload servers listed). Thus - I don't *HAVE* to predict them in hosts: I simply block them as they are added. If they last longer than 1 second, I get them added as blocked by 12 reputable sources in the security community OR from security blog articles (like Mr. Warner I mentioned). It works simply because DGA uses hostnames.

NO, by the time those blogs post a domain name, it is not being used anymore. The malware will generate another domain name based on the date/time, and you will not have that domain name in your blacklist.

You still don't get it, so I guess I'm giving up. This is like explaining Calculus to a housecat.

P.S.=> No matter what you say, as long as I get entries for ANY KIND of threat online as blocked entered in hosts (and I do by the truckloads every hour here due to my program being automated to pickup that data), they cannot harm me

This is not true! Malware has so many ways it can circumvent a hosts file. A hosts file is great for blocking ad domains, but it does NOT provide strong security.

Here are just some of the ways malware can completely bypass your hosts file:

  • It can hardcode a C&C IP address, like the Sony Pictures malware did
  • It can hardcode IP addresses for a peer-to-peer network, like the new Zeus variants do
  • It can just send the UDP port 53 packets to resolve DNS itself, bypassing the system calls that would check the hosts file
  • It can disable checking of the hosts file
  • I could keep going. There are a LOT of ways to bypass the OS hosts file.

Comment: Re:You fail again... apk (Score 1) 467

by bouldin (#48896691) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

The odds of me hitting a domain that lasts 1 second? Near zero.

Nobody said DGAs use domains that last 1 second. I said 1 hour. Some malware might use domains that last 24 hours. But, the point is that the domain name calculated by the malware changes faster than you can update your blacklist.

Again, clue: Hosts block a domain name, no matter what, I can't be harmed by it

I say again, by the time you know the domain name, it is no longer being used. Your hosts file program does not magically predict domain names.

Comment: Re:Bouldin: "Eat your words"... apk (Score 1) 467

by bouldin (#48896399) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

Do you understand how DGAs work?

The malware hits an ephemeral domain and then the bot herders throw that domain away. The domain may only exist for an hour.

That is the whole point of domain-generating algorithms. They defeat blacklists. That is the whole point.

Also, you dodged my point about hardcoded IPs, which is just one technique malware can use to circumvent host files.

Comment: Re:Too many words? Come on, lol! (Score 1) 467

by bouldin (#48896165) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

That article doesn't even mention hosts files or your program.

Don't try to bullshit me. You and I both know you have never had any commercial success. You are a pest who spams your crap "hosts file manager" all over the forums here.

Your hosts file approach doesn't even address hardcoded IPs or domain-generating algorithms. Start working on another approach or shut the fuck up.

Comment: Re:Posting ac restricts me (Score 1) 467

by bouldin (#48894011) Attached to: Ask Slashdot: Best Anti-Virus Software In 2015? Free Or Paid?

I think part of FuturePower's point is that you have too many words, so it isn't clear what you are trying to communicate. Your whole paragraph about Howard Stark is confusing and irrelevant.

Not trying to criticize - trying to help

I find it's best to pick maybe 3 points and stick to those. One key point should be WHAT you are offering. Is it a hosts file for whitelisting? A hosts file for blacklisting? A software program that intercepts DNS requests? How do you choose good domain names? I honestly can't tell.

Comment: Re:Absolutely fair.. (Score 1) 114

by bouldin (#48883111) Attached to: Apple Agrees To Chinese Security Audits of Its Products

Here in America, we don't even audit our damn voting machines.

Unmodified, general purpose COTS non-voting software (e.g., operating systems, programming language compilers, data base management systems, and Web browsers) is not subject to the detailed examinations specified in this section. However, the accredited test lab shall examine such software to confirm the specific version of software being used against the design specification to confirm that the software has not been modified. Portions of COTS software that have been modified by the vendor in any manner are subject to review.

The parts of the standard that actually cover auditing the voting code aren't exactly thorough, either. After all, democracy, schmemocracy!

Comment: Re:What does Coburn know about infosec? (Score 1) 68

by bouldin (#48751721) Attached to: Report: DHS Failing On Cybersecurity

I read the infosec part. The report criticizes DHS for concentrating on vulnerability management and using signature-based detection, which it suggests is not worthwhile because of zero-day vulnerabilities. It criticized the DHS for not following best practices itself.

That criticism is fair, but also applies to almost all infosec efforts, both in the public and private sector.

The only suggestion offered by the report was to cite a "cybersecurity expert" who says we should focus on deterrence. The report did not explain what deterrence means in this context. What are they suggesting? We hang malware to death to set an example? We sanction North Korea every time we think maybe they sponsored an attack that we traced back to China? The metaphor to warfare does not hold, and that failure is lost on the author[s] of the report. They don't get it.

Comment: What does Coburn know about infosec? (Score 2) 68

by bouldin (#48751455) Attached to: Report: DHS Failing On Cybersecurity

Why does anybody care what a 66-year-old doctor from Wyoming thinks about information security?

The report criticizes the DHS as ineffective at "cybersecurity" because of.. zero days or something.

It's clear that neither Coburn, nor the author of the report, understands infosec or how it is different from kinetic war. You can't amass troops or use force. It's very difficult to even know who attacked you.

You can do something like building defensive lines, but that's exactly what the report criticizes.

GREAT MOMENTS IN HISTORY (#7): April 2, 1751 Issac Newton becomes discouraged when he falls up a flight of stairs.

Working...