May 4, 2008

BaySec Wednesday, May 7th


Girls drinking a beer
Originally uploaded by surfstyle
BaySec is this Wednesday, May 7th at Pete's Tavern. As usual, you can find us by looking for the crowd of socially inept nerds to the left side of the bar.

May 3, 2008

Spam is now 30.

Spam is now 30. Frankly, if spam still bothers you after all this time, buy a better filter.

April 29, 2008

Kraken RevEng

There is a solid writeup by Pedram Amini @ TippingPoint on the Kraken RevEng here and here. Thanks to Richard Soderberg for the heads up.

April 28, 2008

Show me yours...


Bay to Breakers Bib
Originally uploaded by Adam J. O'Donnell
My Bay to Breakers bib arrived.

April 23, 2008

Storm Defeated?

Apparently if you have kernel-level and below control of every Windows PC out there, you can pull out a botnet infestation. Let's see how long it takes for either the botters to be caught or for a new infection to come out that disables Windows Update. Thanks go to Bryan and Jose for the heads up.

April 17, 2008

How Storm Communicates

Thorsten Holz and team put together a fantastic paper on how the Storm Worm communicates and how it can be infiltrated. Thanks go to Jose Nazario for the heads up.

April 15, 2008

Security Blogger's Meetup 2008

As you can see from the picture, I was very tired by the time the Security Blogger's Meetup rolled around at RSA. TechDulla, Alan Shimel, Jennifer Leggio and many others have provided writeups (Martin McKeay has video) of the event, and I really can't add too much to what has been said.


Long story short: Good time, and hats off to Jennifer for pulling off a fantastic event.

April 14, 2008

What the hell have I been doing? Part $e^{j\pi}$

I just submitted an article for IEEE Security and Privacy and spent the past week attending RSA. I did do a podcast for Schwartz PR during their RSA party that is available here.

Stupid web 2.0 grumble grumble...

Yet another means of promoting this site: Technorati Profile.

April 11, 2008

Malware shifts and value chains.

Amrit Williams is calling me on predicting malware emergence. His assertion is that by the time AV improves enough to push attackers onto Macs at their current market share, attackers will shift to another layer altogether and abandon the idea of monetized malware. I had always assumed that the value chain established by attackers would be largely preserved, but he may be right: there could be a point where AV is so good that attackers will just move to popping webmail accounts and routers rather than attacking client systems. Now wouldn't that be nice.