Monday, June 30, 2008

suggested reading

  • TaoSecurity: What Would Galileo Think
    don't know if i agree with it yet or not but interesting nonetheless to think about whether you can arrive at (or approach) a secure setup by experimental procedure... my gut says it'll only lead to resistance against whatever attacks happen to be current... in other words i suspect it would be weak against real novelty (and we already know something that's weak against novelty, don't we)...
  • ThreatExpert Blog: New Rustock Switches to Hotmail
    in answer to the rising use of traffic monitoring to detect malware, malware authors will start making their malware operate the same way you do - and this webmail-using spambot is an excellent example...
  • Schneier on Security: Ransomware
    i often think bruce should stick to his strengths when he starts talking malware but in this case he's got it bang on.... ransomware should be a non-issue - when recovery is as easy as restoring from backups then why give it so much special attention?
  • Jeremiah Grossman: Why most WAFs do not block
    jeremiah brings us an interesting quote from dan geer concerning default-permit/default-deny along with a discussion of its implications for webappsec... the quote itself is perfect, though, and i suspect it applies to just about every branch of security... it certainly has some strong implications for application whitelisting...
  • T2W --> Trojan to Worm - PandaLabs
    and people think worms and viruses are going extinct... they aren't, they're just a feature that's gone out of fashion like stealth did for a while - and like stealth they'll come back into style at some point and tools like this will help that happen...
  • and I say we are detecting between 400,000 and 10,000,000 malware! - McAfee Avert Labs Blog
    an excellent post on counting malware threats - the take-away is that the most bloated numbers are those based on samples rather than variants or families due to having multiple copies of what is for all intents and purposes the same threat...
  • R.I.P. CISSP | tssci security
    anyone recall me forecasting the end of security experts? i doubt i'll make any friends by saying so but this is a symptom/manifestation of what i was talking about before...
  • Errata Security: Apple malware
    0-day or 1-day exploits for the mac in the wild... neither alternative is good and these are things more mac users really need to pay attention to - too bad most have been trained not to... some have made a point of saying that despite vendors reporting it to be in the wild there's no evidence that it actually is - you have to congratulate such people on knowing more than the folks whose business it is to know these things...
  • Another way of restoring files after a Gpcode attack
    hahaha, after all these years the folks making gpcode still haven't figured out how to implement a cryptosystem properly - the ability to use plaintext/ciphertext pairs to decrypt other ciphertext tells me they don't understand stream ciphers like rc4 at all... apart from the various steps one needs to follow to use rc4 safely, they might want to consider that unless they're encrypting an actual stream there really isn't much reason to use a stream cipher...
