

Despite the Hyperbole, Flame is Kind of Lame - lawn
http://xato.net/malware/flame-is-kind-of-lame/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+mbwin+%28MB%27s+Windows+Security%29&utm_content=Google+Reader

======
PaulHoule
Well, back in the day, before you'd even set your fingers to a keyboard, there
was this teenager in Brazil who thought he was a great hacker.

He hacked into a porno site and the operators found out who he was and called
his home. He's like "Ok, Ok, I'll stop, just don't call my mom."

Well, I'm working with some guys running a voice chat site and one day he
starts giving us trouble. Our CEO gets the phone number from the guys who ran
the porno site. This time they call and his mom answers.

Moral: lamers come in all ages.

Generalizing about programmers' attitudes, ambitions and talents based on their
age is one of the most harmful things you can do.

I know a guy who's a 60-something who can't really retire because he built a
new printer interface for IBM mainframes. New York State found that the
standard printer interface wasn't fast enough to print out their paperwork
fast enough to satisfy legal requirements. He designed the hardware and wrote
device drivers in Macro Assembler.

They can't find anybody, at any age, who can maintain this.

He's only on call for occasional assignments but he can afford to spend half
his time in Hawaii and half in upstate.

------
munin
"which employs a bunch of 40-something suburbanites"

Right, because only 20-something kids in cutoff jeans and t-shirts who live in
SF/NY are capable of writing truly _excellent_ code.

~~~
joelhooks
I'm pushing 40, but I started wearing jorts. Just in case.

------
tangue
Sure the querystring looks stupid, but if finding a new MD5 collision attack
to build a fake Microsoft certificate is the job of a lamer, I don't know what
to call myself ...

------
dhx
NetBus[1] (1998), Back Orifice 2000[2] (1999) and Sub7[3] (1999) demonstrate
that feature-packed malware is not a novel concept. Kids were pranking each
other with webcam-hijacking, audio-recording, port-redirecting, password-
sniffing, auto-updating software in the late 90’s.

Hans Dobbertin, Wang Xiaoyun, Arjen Lenstra, Alexander Sotirov, Marc Stevens,
Jacob Appelbaum, David Molnar, Dag Arne Osvik, Benne de Weger, Dengguo Feng,
Xuejia Lai, Tao Xie, Hongbo Yu, Ron Rivest and numerous other researchers were
instrumental from as early as 1996[4] in demonstrating that MD5 was broken.
The MD5 collision attack used by Flame will be an implementation of and minor
extension to this prior work.

My point is that technology development is incremental and tends to occur in
small steps. New advances build off the work of many others. An understanding
of hacker history is essential to any meaningful malware analysis. Early
e-zines such as Phrack, the communities of 2600, CCC, Black Hat/DEF CON and
the activities of the cypherpunk movement are good starting points. Without
this historical perspective past mistakes will be repeated and insignificant
matters over-hyped to the detriment of areas that matter.

Cryptography conferences, arXiv, hacker conferences (HOPE Number 9, DEF CON
20, 29C3), open source mailing lists and security researcher blogs are the
places to look for new developments.

[1] <https://en.wikipedia.org/wiki/NetBus>

[2] <https://en.wikipedia.org/wiki/Back_Orifice_2000>

[3] <https://en.wikipedia.org/wiki/Sub7>

[4] <https://en.wikipedia.org/wiki/MD5#History_and_cryptanalysis>

------
jdc2172
I read on BBC that Flame used state of the art encryption for its code based
on a paper published in 2008. Apparently, they even came up with their own
variant of the encryption scheme.

<http://www.bbc.co.uk/news/technology-18365844>

------
planetguy
>Nonetheless, the fact that it probably wasn’t written by an experienced
hacker is what allowed it to go so long being undetected. Ironically its lack
of evasion techniques let it evade detection.

So what you're saying is that it sucks, and the fact that it sucks is what
made it so successful?

Have you considered the possibility that the Flame authors are smarter than
you?

