April 1, 2008

Security Marketing: Hugs for Hackers

AVG's Hugs for Hackers is definitely less mean-spirited than Palo Alto's Security Idol.

Applied Security Visualization gets a book cover

Raffael Marty's upcoming book, Applied Security Visualization, now has book cover art.

Judging from the cover art, I think the book has something to do with applied security visualization and dinosaurs with targeting reticles etched into their eyeballs.

April 2, 2008

CEAS CFP Extended

If you were planning on submitting a paper to CEAS, the Conference on E-Mail and Anti-Spam, you now have a few more days. Although it is not yet reflected on the website, the CFP has been extended to April 10th.

April 3, 2008

Biological Niches and Malware Prevalence

During a recent presentation I was asked a rather astute and interesting question. The audience member compared the information security world to the biological world, and wanted to know why, when parasites fill every biological niche in the ecosphere, the niche of Macs has not been infested with malware. I have now forgotten what I said in response, but I do remember thinking at the time my answer was bullshit.

The correct answer is as follows: The biological analogy frays at the edges when you consider monetized malware. Parasites inhabit every biological niche because their only goal is to propagate the species, not to be the biggest species out there. Malware writers' goal is to make the most money, and they will spend their energy creating attacks that allow them to make the most money. The motive of profit maximization causes them to abandon portions of the target space entirely. In terms of the biological argument, consider a parasite that was not rewarded for continuing its species, but instead was rewarded for the number of infected hosts. If the parasite had the opportunity to make the split decision between producing offspring that can infect coelacanths or infect beetles, which would be the better strategy?

April 4, 2008

So say we all.

Today is a very special day. New episodes of Battlestar Galactica air tonight.

April 5, 2008

This article on the potential emergence of Macintosh malware appears with auspicious timing.

April 7, 2008

RSA hates the Irish

Because I have an apostrophe in my last name, I attempt a SQL injection attack every time I fill out a form. The RSA conference is aware of this, and requires everyone who has an apostrophe in their last name to stand in a separate line. Apparently they have not yet learned that it is possible to secure a webapp against the dreaded ' without blacklisting the content.

I find this to be equivalent to segregation against those of us who have apostrophes in our name, and by the principle of transitivity, RSA is attempting to segregate out the Irish without posting an "Irish Need Not Apply" sign. Mark my words, first they will come for our crypto keys, and then they will come for our potatoes.
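The point above, that a web app can accept an apostrophe without blacklisting it, as an added example (not code from the original post or from any real registration system). The table, function names and sample names are constructed, and Python's sqlite3 stands in for whatever database sits behind the form.

```python
import sqlite3

# Constructed sample input: legitimate surnames containing an apostrophe,
# plus one string shaped like an injection attempt.
SAMPLE_NAMES = ["O'Brien", "D'Angelo", "Smith"]
HOSTILE = "x' OR '1'='1"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attendees (id INTEGER PRIMARY KEY, last_name TEXT)")
    return db

def register_concat(db, last_name):
    """Weak: input is spliced into the SQL text, so ' ends the string literal."""
    try:
        db.execute("INSERT INTO attendees (last_name) VALUES ('%s')" % last_name)
        return True
    except sqlite3.Error:
        return False

def register_blacklist(db, last_name):
    """The 'separate line' approach: refuse any name containing an apostrophe."""
    if "'" in last_name:
        return False
    db.execute("INSERT INTO attendees (last_name) VALUES (?)", (last_name,))
    return True

def register_bound(db, last_name):
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    db.execute("INSERT INTO attendees (last_name) VALUES (?)", (last_name,))
    return True

def lookup_bound(db, last_name):
    rows = db.execute("SELECT last_name FROM attendees WHERE last_name = ?", (last_name,))
    return [r[0] for r in rows]

def demo():
    """Return, per registration strategy, which sample names were accepted."""
    results = {}
    for fn in (register_concat, register_blacklist, register_bound):
        db = make_db()
        results[fn.__name__] = [n for n in SAMPLE_NAMES if fn(db, n)]
    return results

if __name__ == "__main__":
    print(demo())
```

Only the bound-parameter version accepts every name; the concatenating and blacklisting versions both lose the apostrophe names, one by accident and one by policy.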

April 8, 2008

Maybe RSA doesn't hate the Irish.

Bono was walking the RSA floor last night. He was there for Nokia, which rocks security apparently. I guess RSA doesn't hate the Irish too much.

April 10, 2008

RSA still hates the Irish.

Nokia, the phone company that doesn't do security but does OEM SourceFire and CheckPoint technology, brought in the fake Bono.

Let's say you are a startup and you choose to use the Google App Engine for your infrastructure. If Google buys you out, they don't have to port the code. They directly quantify your company's technology opex and revenue, since they see both the CPU overhead and the eyeball count via Google Analytics. Brilliant.

April 11, 2008

Malware shifts and value chains.

Amrit Williams is calling me on predicting malware emergence. His assertion is that by the time AV improves enough to push attackers onto Macs at their current market share, attackers will shift to another layer altogether and abandon the idea of monetized malware. I had always assumed that the value chain established by attackers would be largely preserved, but he may be right: there could be a point where AV is so good that attackers will just move to popping webmail accounts and routers rather than attacking client systems. Now wouldn't that be nice.

April 14, 2008

Stupid web 2.0 grumble grumble...

Yet another means of promoting this site: Technorati Profile.

What the hell have I been doing? Part $e^{j\pi}$

I just submitted an article for IEEE Security and Privacy and spent the past week attending RSA. I did do a podcast for Schwartz PR during their RSA party that is available here.

April 15, 2008

Security Blogger's Meetup 2008

As you can see from the picture, I was very tired by the time the Security Blogger's Meetup rolled around at RSA. TechDulla, Alan Shimel, Jennifer Leggio and many others have provided writeups (Martin McKeay has video) of the event, and I really can't add too much to what has been said.

Long story short: Good time, and hats off to Jennifer for pulling off a fantastic event.

April 17, 2008

How Storm Communicates

Thorsten Holz and team put together a fantastic paper on how the Storm Worm communicates and how it can be infiltrated. Thanks go to Jose Nazario for the heads up.

April 23, 2008

Storm Defeated?

Apparently if you have kernel-level and below control of every Windows PC out there, you can pull out a botnet infestation. Let's see how long it takes for either the botters to be caught or for a new infection to come out that disables Windows Update. Thanks go to Bryan and Jose for the heads up.

April 28, 2008

Show me yours...

My Bay to Breakers bib arrived.

April 29, 2008

Kraken RevEng

There is a solid writeup by Pedram Amini @ TippingPoint on the Kraken RevEng here and here. Thanks to Richard Soderberg for the heads up.