Hello and welcome to the Thursday, July 27th, 2003 edition of the Sands and its Stormsend, Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Personally, I have often stated I'm not a big fan of sort of IP address block list. There is a lot of, well, a suspect sort of

evidence that's sometimes being used to create these block lists. But well known that many good

guys, but also bad guys are blocking traffic to specific IP addresses. Xavier looked at the specific malware sample

to figure out, well, the particular IP addresses

that are being blocked here,

what they have in common,

and how they are actually being used.

Turns out a lot of cloud providers

are being listed here in this particular

sample. Could be that attackers are suspecting that maybe there are some sort of analysis

systems at these IP addresses, or maybe just that they don't consider these particular cloud

providers valid or worthwhile targets for the particular malware,

given that malware often does target client systems,

so they're less likely going to be located in these cloud environments.

Overall, I think same applies to the back guys as to the good guys,

that sometimes these block lists are not necessarily

built out of solid and robust evidence, but more or less some anecdotal evidence where

maybe a particular attacker had a bad experience with a particular IP address.

End-to-end encryption for messaging systems has been sort of a hot topic these last few years,

like with various offerings from companies like Signal.

Google now stated that it will implement end-to-end encryption, but it will actually be based on an open standard.

...