In honour of our 10th Anniversary here at AVIEN, we’re sponsoring the pre-dinner drinks reception at the 20th Virus Bulletin Conference in Vancouver next week. In case you didn’t know, AVIEN was formed out of conversations held at Virus Bulletin in 2000, and the relationship has been a long and friendly one between the two companies. We’re proud to help bring a part of the conference to the attendees.
Virus Bulletin have announced the first in a new series of Seminars. Aimed towards corporate IT Admins and security practitioners, the day-long seminar will look at protecting organisations in the modern age of Internet-enabled crime.
Not sure I can get funding to go to the inaugural conference (22-24 February in London) and it may, in any case, be too close to another meeting that isn’t set in stone yet. Nonetheless, it looks like being a more than usually interesting conference. Or is that just because my academic background is awkwardly poised between social sciences and computer science?
This is my first attempt to blog using my iPhone, so forgive any inadvertent typos. I go to a lot of security conferences, and often I feel like I’ve walked into a different world when attending some. No, I’m not talking about a preponderance of black sloganised T-Shirts or a penchant for colored hair amongst the attendees (though those do seem to be part of the tribal uniform for security conformistas); rather, I’m talking about the way that security has become fragmented into isolated silos of knowledge. In many cases there is total ignorance of the wider security field, and issues are discussed as if they are discrete and unrelated to a wider and more complex picture. It would be nice to have a more generalist family of security professionals, but I guess the field is now so wide that specialism is almost a must. However, I would encourage other security pros to attend different conferences outside of your own specialist area. You will gain a wider view of the world, and you will surely see some funny T-Shirts too.
By now the media machine has moved into action and all sorts of nonsense has been spouted about the creation of a worm that spreads on jailbroken iPhones, written by a guy called ‘ikee’. The facts are these:
It ONLY affects jailbroken phones – if your iPhone is not jailbroken then you are not vulnerable
It ONLY affects jailbroken phones that have OpenSSH installed (This involves you having consciously installed OpenSSH)
If you have changed the default passwords for the ‘root’ and ‘mobile’ accounts subsequent to installation, you will not be vulnerable to this worm.
It’s tempting to say ‘I told you so’ on this one, as I actually did state this fact 2 days before the worm was released. On a panel at the AVAR2009 Conference discussing vendor future strategy, someone brought up the idea that the iPhone will be a desirable platform for exploitation. This is true, but as I pointed out, the biggest risk is not so much to users who are using the default OS provided by Apple, because they are in a strictly controlled environment, with Apple as the benevolent dictator, as it is to those users who have jailbroken phones, at which point – you’re on your own. The whole thing does highlight the potential though; there’s no reason why any platform is automagically protected from malware, so it’s no real surprise to anyone that this sort of thing has happened. David Harley (among others) has written more on this subject here, and as always, it’s worth reading.
Over the next few days, many of the Anti-malware industry’s researchers will be gathered in Kyoto, Japan, for the 12th Annual AVAR conference (http://www.aavar.org/avar2009/). Apart from being a beautiful place, in a wonderful country, I hope it will be an occasion for interesting discussion and the opening of new ideas. There are topics as wide as system virtualisation and cloud computing, packers and obfuscation, social networking and information security policy. Quite a few AVIEN members, including me and David Harley, will be speaking at the conference. We’ll blog the best bits here 😉
There has been a lot of interest recently in the methods used by malicious actors to compromise Social Networking sites for malicious purposes. Indeed, Lysa Myers from WestCoast Labs and I wrote a paper together discussing various issues with SN sites, particularly focussed on Facebook. However, one very interesting issue has become a hot topic in recent weeks: the posting of malicious URLs via Twitter. The issue here is that often URL shortening services are used (as Tweets are restricted to 140 characters to be compatible with SMS on mobile phones), so the true destination of a URL is easily obscured. Two eminent Anti-malware researchers, Costin Raiu and Morton Swimmer, have been particularly involved in examining this threat, and their presentation at Virus Bulletin 2009 in Geneva last month was definitely worth seeing. For those who weren’t able to be there, or who missed it, the slides presented by Morton Swimmer of TrendMicro and Costin Raiu of Kaspersky to the conference are available online here: http://www.slideshare.net/craiu/twarfing-malicious-tweets.