Security Marketing: Hugs for Hackers
AVG's Hugs for Hackers is definitely less mean-spirited than Palo Alto's Security Idol.
Raffael Marty's upcoming book, Applied Security Visualization, now has book cover art.
Judging from the cover art, I think the book has something to do with applied security visualization and dinosaurs with targeting reticles etched into their eyeballs.
If you were planning on submitting a paper to CEAS, the Conference on E-Mail and Anti-Spam, you now have a few more days. Although it is not yet reflected on the website, the CFP has been extended to April 10th.
During a recent presentation I was asked a rather astute and interesting question. The audience member compared the information security world to the biological world, and wanted to know why, when parasites fill every biological niche in the ecosphere, the niche of Macs has not been infested with malware. I have now forgotten what I said in response, but I do remember thinking at the time my answer was bullshit.
The correct answer is as follows: The biological analogy frays at the edges when you consider monetized malware. Parasites inhabit every biological niche because their only goal is to propagate the species, not be the biggest species out there. Malware writers' goal is to make the most money, and they will spend their energy creating attacks that allow them to make the most money. The motive of profit maximization causes them to abandon portions of the target space entirely. In terms of the biological argument, consider a parasite that was not rewarded for continuing its species, but instead was rewarded for the number of infected hosts. If the parasite had the opportunity to make the split decision between producing offspring that can infect coelacanths or infect beetles, which would be the better strategy?
Today is a very special day. New episodes of Battlestar Galactica air tonight.
This article on the potential emergence of Macintosh malware appears with auspicious timing.
Because I have an apostrophe in my last name, I attempt a SQL injection attack every time I fill out a form. The RSA conference is aware of this, and requires everyone who has an apostrophe in their last name to stand in a separate line. Apparently they have not yet learned that it is possible to secure a webapp against the dreaded ' without blacklisting the content.
I find this to be equivalent to segregation against those of us who have apostrophes in our name, and by the principle of transitivity, RSA is attempting to segregate out the Irish without posting an "Irish Need Not Apply" sign. Mark my words, first they will come for our crypto keys, and then they will come for our potatoes.
Bono was walking the RSA floor last night. He was there for Nokia, which rocks security apparently. I guess RSA doesn't hate the Irish too much.
Nokia, the phone company that doesn't do security but does OEM SourceFire and CheckPoint technology, brought in the fake Bono.
Let's say you are a startup and you choose to use the Google App Engine for your infrastructure. If Google buys you out, they don't have to port the code. They directly quantify your company's technology opex and revenue, since they see both the CPU overhead and the eyeball count via Google Analytics. Brilliant.
Amrit Williams is calling me on predicting malware emergence. His assertion is that by the time AV improves enough to push attackers onto Macs at their current market share, attackers will shift to another layer altogether and abandon the idea of monetized malware. I had always assumed that the value chain established by attackers would be largely preserved, but he may be right: there could be a point where AV is so good that attackers will just move to popping webmail accounts and routers rather than attacking client systems. Now wouldn't that be nice.
Yet another means of promoting this site: Technorati Profile.
I just submitted an article for IEEE Security and Privacy and spent the past week attending RSA. I did do a podcast for Schwartz PR during their RSA party that is available here.
Thorsten Holz and team put together a fantastic paper on how the Storm Worm communicates and how it can be infiltrated. Thanks go to Jose Nazario for the heads up.
Apparently if you have kernel-level and below control of every Windows PC out there, you can pull out a botnet infestation. Let's see how long it takes for either the botters to be caught or for a new infection to come out that disables Windows Update. Thanks go to Bryan and Jose for the heads up.
This page contains all entries posted to NP-Incomplete in April 2008. They are listed from oldest to newest.