Monthly Archives: December 2009

Pedants R Us

Or, “shouldn’t that be Pedants R We?”

Talking of The Register, congratulations to John Ozimek for a l33t post that indicates a command of the art of pedantry that leaves even me feeling outclassed and open-mouthed with admiration (really).

http://www.theregister.co.uk/2009/12/31/end_of_days_decade/

It brings nostalgic tears to my eyes remembering the arguments of yesteryear as to when exactly the new decade/millennium really started. 😀

Happily, I hope to be well out of computing before the next storage wraparound Big Issue:

http://en.wikipedia.org/wiki/Year_2038_problem

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com

The Register: “Welcome to the out-of-control decade”

A disquieting article by Rik Myslewski that strikes some deep chords with me. :-/

“Waiting in the wings are corporate entities eager to exploit your personal information, and government agencies watching your every step.”

http://www.theregister.co.uk/2009/12/31/the_out_of_control_decade/

The issue of government monitoring spends a lot of time under the spotlight, of course, and so it should. (Craig Johnston and I considered some of the law-enforcement issues in an AVAR paper this year, but there’s much more to it than that, obviously.)

http://www.eset.com/download/whitepapers/Please_Police_Me.pdf

But I’m seriously concerned about the consequences of the increasing amount of personal data (good, bad, and purely mythical) available to anyone with a browser (or even a USB port). It’s an issue I’ve had occasion to think about several times recently, and I expect to return to it a lot more in the coming months. For instance:

http://www.eset.com/threat-center/blog/2009/12/14/que-sera-sera-%e2%80%93-a-buffet-of-predications-for-2010

http://www.eset.com/threat-center/blog/2009/12/14/your-data-and-your-credit-card

http://www.eset.com/threat-center/blog/2009/12/12/the-internet-book-of-the-dead

http://www.eset.com/threat-center/blog/2009/06/09/data-protection-not-a-priority

Also, this quote from the ESET Global Threat Trends report for December: “Criminals and legitimate businesses will mine data from a widening range of resources, exploiting interoperability between social networking providers. Sharing of data in the private sector will be an increasing threat until the need is accepted for more data protection regulation on similar lines to that seen in the public sector, especially in Europe.”

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET


Top Ten Trite Security Blog Predictions

I started to blog this here, but decided it would be more annoying elsewhere. Tee-hee…

http://preview.tinyurl.com/yfg4xcq

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET


Another Anniversary

As I’ve pointed out elsewhere, it’s been something of a year of anniversaries. And as Mikko Hypponen has pointed out at http://www.f-secure.com/weblog/archives/00001846.html, around this time ten years ago we were preparing for global chaos as the Millennium Bug bit.

Well, actually, it largely passed me by. The institution I worked for decided that Y2K had no security implications, and in fact wasn’t really an IT issue, so they handed it over to the library to manage, though the IT department still did all the actual work, as far as I remember. In the event, I believe one piece of lab equipment misfunctioned when everything was switched on again after an enforced break over the New Year: not, as I remember, in any critical way, but it was ten years ago.

In fact, my principal memories are of going to bed early on New Year’s Eve and being awoken by a thunderous firework display over East London, and of fielding an awful lot of questions about those Y2K viruses that never turned up. And of being rapped over the knuckles after the event for hinting in an article for an in-house publication that there had ever been any risk of an unforeseen event. It’s always reassuring to work for people who know everything about everything.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET


‘Tis the season for crystal balls…

And yes, I’m working on a crystal ball document today for ESET, making use of Randy Abrams’ blog at http://www.eset.com/threat-center/blog/2009/12/14/que-sera-sera-%e2%80%93-a-buffet-of-predications-for-2010 and ESET Latin America’s extensive document (already published in Spanish at http://eset-la.com/centro-amenazas/2256-tendencias-eset-malware-2010). But marketing departments and the media like that sort of thing.

In fact, many such articles are essentially retreads rather than dramatically insightful. However, Anton Chuvakin posted a blog yesterday that shows not only insight, as I’d expect, but a certain panache. Not that I wouldn’t expect that too. 🙂

http://chuvakin.blogspot.com/2009/12/security-predictions-2010.html

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET


Season’s Gratings

There’s nothing here that isn’t already in the blog at:

http://www.eset.com/threat-center/blog/2009/12/24/seasonal-gratings

Actually, it’s a “now for something completely different” link to:

http://avienguide.wordpress.com/2009/11/27/make-mine-a-snowball/

A happy and safe Christmas holiday to you.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET


SRI iBotnet analysis

I’m not a huge fan of SRI, mainly because of its misconceived and inept use of VirusTotal as a measure of anti-malware effectiveness. (Unfortunately, SRI is not the only organization to misuse what is actually a useful and well-designed service by Hispasec as a sort of poor man’s comparative testing, even though Hispasec/VirusTotal themselves have been at pains to disassociate themselves from this inappropriate use of the facility: see http://blog.hispasec.com/virustotal/22.)

So it pains me slightly to report that they have actually produced a reasonable analysis of the botnet associated with the iPhone malware sometimes known as Ikee.B or Duh (sigh…). But they have, and it’s at http://mtc.sri.com/iPhone/.

I wish I could say that some of their other web content is of the same standard. Disclaimer: the company for which I currently work does indeed consistently appear at a very low position in SRI rankings, so you’d expect me to dislike the way they get their results. I do… But I dislike even more the way that they’ve ignored all my attempts to engage them on the topic. OK, rant over. The ikee analysis is still well worth a look.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET


Schneier Prognostications

I’m afraid I’ve been preoccupied with other things for the past week or two, and I’ve had to keep my blogging down to a minimum. And this isn’t going to be the longest article of my life.

However, the “Hype-free” blog (http://hype-free.blogspot.com) is generally worth keeping an eye on, even when an article is just a few links (making this article a link to some links, so I suppose if I was to advertise it in email, it could be described as a chain letter).

In fact, these are pretty interesting links: the first six are “face-offs” between Bruce Schneier and Marcus Ranum on topics such as social networking and security metrics. Additionally, there are a couple of Schneier’s Open Rights Group security talks.

I’m not an uncritical admirer of Bruce Almighty: I take exception to some poorly-grounded and misleading statements he’s made in the context of malware and anti-malware. But he’s on the money often enough (and entertaining enough) to make these videos worth a look.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET


Linux malware found in screensaver


http://linux.slashdot.org/article.pl?sid=09/12/09/2215253

I hate to say I told you so…actually, that’s not true. In this case, it was sadly obvious that it would happen, but the general attitude of the whole OS/Free Software crowd is still to claim the earth is flat when it comes to Malware.
Interested readers might like to Google my EICAR paper from 2002 called “The Emperor’s New Clothes: Linux and the myth of a virus free operating system”.

There I discussed that the very thing that makes the OSS model work is also its greatest weakness: there’s little control, little QA, and 99% of the time the proletariat downloading a package won’t check it (nor would most be competent to), so it’s very easy to insert malware. It’s very likely there is a lot more malware out there lurking in small fringe packages such as the one mentioned in the OMGUbuntu article.
The fact is that with the rise of the netbook, Linux becomes a more desirable platform to attack, and at the moment, it’s way too easy. After all, who needs anti-malware software on Linux?

Privacy, AVG, Facebook, Uncle Roger Thompson and all

My last post (https://avien.net/blog/?p=209) on Roger Thompson’s article about privacy concerns, “public” information and so on raised some interesting discussion.

Ironically (or perhaps appropriately) a lot of it was on Facebook.

I carried on the theme on the ESET blog, if you’re interested. “Your Data and Your Credit Card”, at:

http://www.eset.com/threat-center/blog/2009/12/14/your-data-and-your-credit-card

Note that due to a couple of system crashes, a link to Allan Dyer’s excellent article disappeared in the first published version, but is fixed now:

http://articles.yuikee.com.hk/newsletter/2009/12/a.html 

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET
