Georgia Tech Launches "Titan" Malware Analysis System
wiredmikey writes "A new malware intelligence system developed at Georgia Tech Research Institute is helping organizations share threat intelligence and work together to understand malware and cyber attacks. Dubbed "Titan", the system lets members submit threat data and collaborate on malware analysis and classification. Unlike some other systems, members contribute data anonymously so no one would know which specific organizations had been affected by a specific attack. Titan users also get reports on malware samples they have submitted, such as the potential harm, the likely source, the best remedy, and the risks posed by the sample. The analysis is based on what GTRI researchers learn by reverse-engineering the malware. The project currently analyzes and classifies an average of 100,000 pieces of malicious code each day and growing. While other information sharing initiatives have been launched, many are by vendors, which sometimes sparks concern that the vendor may have some bias, and may be pushing a certain product. Not the case with Titan."
I trust this will run on my iPad?
So, which vulnerability got 'sploited in Windows this time?
Forcing government and business to use protocols and formats not owned or controlled by Microsoft is the cure.
so it can be used in ReactOS when everyone on XP switches to it in 2014.
Just to know which of my toys had been found. Marvelous system it should make my stuff much more robust.
Without it, this might as well be Georgia Tech vaporware.
did a chan just break out on slashdot?
I think it's safe to say at this point: /slashdot
SAVE US MALDA. YOU'RE OUR ONLY HOPE
The UK Government tried doing this - the IT Security section of CCTA acted as an independent malware clearing house - in the 1990s. They received reports from all the AV companies, merged and anonymised them and then made the cleaned data available to the industry. Then 9/11 happened, the IT Security section of CCTA was closed down and responsibility given to GCHQ, and all interaction with industry was halted....
Protip brah: they're called aborigines. And stop being a racist.
Aborigines are indigenous to Australia so they are called Aborigines, indigenous Australians or the people that the British stole Australia from.
African Americans, OTOH, are descendants of African slaves in the United States not to be confused with a black person who emigrated from the African continent and became a naturalized citizen. I made the mistake of calling someone who emigrated from Nigeria an African American - I got an earful. The same goes with dark skinned people from Jamaica: don't call them African Americans. Of course, your mileage WILL vary from person to person.
Racial stuff is real tricky in the US.
Responding to Trolls and others because I'm bored with all the Windows is Malware "jokes" here.
One of the problems is that any company that does malware analysis or is involved in malware considers a malware binary or a malicious URL to be their intellectual property. It is difficult or impossible to have one-directional information sharing with a company like the one that I work for. Even two-directional sharing is close to impossible. Examine all of these crowd-sourced projects really closely and you'll find that the information does not flow freely out of these projects as easily as it flows in. Usually the organization behind the project (funding the project) is a company like mine and they are benefiting from the free info that people are volunteering. These projects are thought up as ways to get people to give them malware binaries and more data without giving something back. The way to test is to find out how easy or difficult it is to get this project to give you a feed of their collected data. If they give it to you without much of a fuss (à la Phishtank), they're probably a real collaborative organization. On the other hand, if they make it difficult to impossible to get a data feed (virustotal, anubis), they're a front for one or more security companies. The ones that are especially insidious are the ones associated with universities (anubis). The association with the university adds legitimacy and the look of openness, but really the data still flows in one direction to a corporate entity.
.. the worst /. discussion ever?
// MD_Update(&m,buf,j);
Slashdot even covered something like this over a month ago...CrowdRE is the collaborative model put together by a group called CrowdStrike. The Georgia Tech version sounds like a "me too" thing, if you ask me...and I don't know that I'd trust a university to ensure the functional privacy of something like this either.
For your security, this post has been encrypted with ROT-13, twice.
Something called the TITAN NIC.
While other information sharing initiatives have been launched, many are by vendors, which sometimes sparks concern that the vendor may have some bias, and may be pushing a certain product. Not the case with Titan.
I read the article, and I'm just gonna say this to be snarky, and not to make any serious complaint: The entire venture may seem to push a certain product... just by the percentage of malware for each platform they'll cover, it will appear they are giving far too much attention to one platform in particular, as though the other available platforms with far less malware hardly exist or are hardly important.
Do they provide a breakdown as to the number of malware samples per platform?
AccountKiller