[Emerging-Sigs] Emerging Threats Sells Out!!!

evilghost@packetmail.net evilghost at packetmail.net
Fri Oct 1 19:49:21 EDT 2010


On 10/01/2010 05:45 PM, Martin Holste wrote:
> I'm late to the party on this comment train, but I do have a few
> comments to share.

That's an amazingly fair/accurate synopsis that I can't find any aspect
that I could disagree with.  Thanks for sharing this.  It's nice to get
some validation that the closed-source GID3 rules aren't evil because
they're closed-source but they're evil because they stifle just about
every aspect of investigation rendering them largely useless.

I have false positives with GID3 to the same frequency with GID1.  GID1
I can view the rule, view the offending data, and also look forward/back
against data captured with daemonlogger or other libpcap based solutions
which record traffic.  GID3 I'm faced with a "trust us" aspect and the
false positives negate my ability to react intelligently.

I've also lost confidence in the VRT team to properly apply the needed
QA; time and time again they have proved that QA is a second-thought and
rush-job rule releases result in epic failure.

I've been known to submit crap upstream, the difference is I'm not
digging in your wallet, and my intentions aren't profit motivated.  When
I won the Signature Contest I sent my SWAG over to the VRT team and to
Matt Olney; I never heard if they got it.

I'd like to think at night, when no one's watching, they secretly wear it.

- -evilghost


