A look at the interview between a MPack Developer and R. Lemos

It is not often you come across a news article that is accompanied by the actual interview transcript.

There is an interesting interview between Robert Lemos of SecurityFocus and one of the MPack Support Team (Aka DreamCoders Support) members [interview transcript here] which become the SecurityFocus article: Newsmaker: DCT, MPack developer [article here].

In the actual transcript I especially enjoyed the part where the DreamCoders Support wanted to see a draft of the article and R. Lemos declined, and DreamCoders Support replied ‘Now I see why there is so many false and stupid things in the newspapers’ [2].

Another interesting point is that much of MPacks hype is attributed to the Anti-Virus companies and their advisories. How much do they really add to an outbreaks success? If we look at the example at hand, not saying that all of them work in the same way, it would seam that anti-virus companies brought the package more fame than originally anticipated (free advertisement! – the marketing department would say).

I would like to point out another issue with this quote: ‘And I advice you to use the Opera with scripts and plugins disabled in order not to be catched by the MPack some day =)’ [2]. This is a very significant statement in the e-commerce world. How can one surf and feel safe when he has to worry about security problems constantly. Many of, no all of the Web 2.0 supported web pages rely on Javascript. If you disable scripting you are left with a very unpleasant, to the eye, and in some cases a non-navigable site. Cheers, to the cat and mouse game of security and security-related problems.

Links Used:

[1] Newsmaker: DCT, MPack developer, Robert Lemos, SecurityFocus, 2007-07-20 http://www.securityfocus.com/news/11476

[2] Robert Lemos and DreamCoders Support Interview Transcript on MPack and other sec. related issues- http://void.su/papers/papers_1.html 

This entry was posted in Uncategorized. Bookmark the permalink.

One Response to A look at the interview between a MPack Developer and R. Lemos

  1. Gareth says:

    With Mpack floating around the net its down to us to protect the server, site we are running to stop the innocent from becoming infected. More education for the general user (98% of home surfers would probably never hear of these exploits). Better Sys Admin and a large drive of security focus. We will never get away from people who exploit code – surely it can only get worse with greater use of technology?

    Personal opinion, sys admin fully trained and fluent in these operating system (many about, all of which highly different) is the answer…

Leave a Reply

Your email address will not be published. Required fields are marked *