Securosis Blog

Update: Dan just let me know that Tillmann Werner and Felix Leder have been working on this for 5 months! Dan came in (and then brought me in) only on Friday. They deserve major credit and thanks for this impressive work. Also, Nmap (which is still free) and the free feed of Nessus have their signatures out for those of you that don’t have an enterprise product.

Comments on “Containing Conficker”

Adrian Lane · March 30, 2009

As you have probably read, a method for remotely detecting systems infected with the Conficker worm was discovered by Felix Leder and Tillmann Werner. They have been working with Dan Kaminsky, amongst others, to come up with a tool to detect the worm and give IT organizations the ability to protect themselves. This is excellent news. The bad news is how unprepared most applications are to handle threats like this. Earlier this morning, the guys at The Honeynet Project were kind enough to…

Friday Summary: March 27, 2009

Rich · March 27, 2009

It is absolutely amazing how quickly time can rush past during the most momentous moments of your life. It was over three weeks ago that my daughter was born, and I’m still trying to figure out what the f&*% just happened. A lot of people made it sound like my life would suddenly crash to a halt as I vaulted into some other dimension of existence, but the changes, while massive, are also far more subtle and confusing. Needless to say, I blame the reduced sleep (which still isn’t as bad as it…

I’ve been out at the Phoenix SANS event so I almost forgot to post this…

I’ll be presenting on endpoint encryption from 2-3 ET today. The event is sponsored by WinMagic, and you can register here.

With the CanSecWest conference last week, right on the heels of Black Hat Europe, there have been many happenings in the security world. On top of that, our favorite investigative reporter managed to take down yet another group of bad guys by shining his flashlight in the right direction.

Security Speed-bumps

Adrian Lane · March 24, 2009

Reading yet another comment on yet another blog about “what good is ABC technology because I can subvert the process” or “we should not use XYZ technology because it does not stop the threats” … I feel a rant coming on. I get seriously annoyed when I hear these blanket statements about how some technologies are no good because they can be subverted. I appreciate zeal in researchers, but am shocked by people’s myopia in applied settings. Seriously, is there any technology that cannot be…

CanSecWest Highlights

Adrian Lane · March 23, 2009

I have been reading about the highlights of the CanSecWest show all over the net, and it seems like there were a lot of really cool presentations. TippingPoint’s ‘Pwn2Own’ contest at CanSecWest that started late last week concluded over the weekend. The contest awarded $5,000 to each hacker who could uncover an exploit for any of the major browser platforms (Firefox, Internet Explorer, Chrome, & Safari). Firefox, IE, & Safari were all exploited at least once during the contest, with…

Friday Summary, March 20th, 2009

Adrian Lane · March 20, 2009

Happy Friday! Rich is off with the family today and probably sneaking in some time to play with his new Mac Pro as well. If I know him, at the first opportunity he will be in the garage, soldering iron in hand, making his own 9’ mini-DVI cable to hook up his new monitor. Family, new baby, and cool new hardware mean I have Friday blog duties. But as I just got back from the Source Boston show, there is much to talk about this week. Across the board, the presentations at Source were really…

Immutable Log Files

Adrian Lane · March 18, 2009

I have been working on a project lately that I don’t really get to talk about much, but it is a technology that I am quite fond of: Immutable Log Files. For those of you who do not know what these are, immutable logs are log files protected from tampering and erroneous insertion. Depending upon the implementation, the files can have additional protections from poisoning and fictional recreation/forgery as well. There are many other names for this type of technology, such as content integrity…

Securosis at RSA

Rich · March 17, 2009

Ah yes, as spring approaches, so does Sundance for Ugly People (as a friend likes to call the RSA Security Conference).