Friday, March 20, 2009

How security research really works?

Panda Security has been publishing blog posts based on what the EvilFingers blog had released before them by a minimum of 24 hours or so.

The following samples show how Panda Security has taken existing content, modified the text, and never said a single word about EvilFingers. Guess this is what "Research" is all about:

http://pandalabs.pandasecurity.com/archive/Have-you-ever-heard-the-term-_2200_Rickrolling_22003F00_-Malware-distributors-have_2E002E002E00_.aspx


http://pandalabs.pandasecurity.com/archive/Metatags-in-malware-websites.aspx


http://pandalabs.pandasecurity.com/archive/Metatags-in-malware-websites_3A00_-II-part.aspx


http://pandalabs.pandasecurity.com/archive/Waledac-Storm-worm_2E002E002E00_-New-Target_3A00_-Valentine_1920_s-day.aspx

http://pandalabs.pandasecurity.com/archive/Happy-Saint-Valentine_2100_.aspx

We sent an email to the legal team of Panda Security, but never got a single response.

SANS published a statement that their ISC reader found something: http://isc.sans.org/diary.html?storyid=5917

The ISC reader did not mention that EvilFingers is where he found the source of the document about Oscar going wild. Hence, our members wrote comments stating that this could be found on the EvilFingers blog at the appropriate link. But the SANS administrator, who needs to moderate the comments, denied the comment that had the true source of this blog.

If you really need money out of free security research done by the open world, at least acknowledge the people who really deserve the credit. All that researchers around the world require is recognition of their work. If you steal that research and convert it into your discovery, does it show any morals on your end?

Thanks to our security researcher Kalyan, who found these links and contacted SANS to publish the true source of such research.

Contact us if you have any questions: contact.fingers @ gmail.com

- Anushree
