The big news at Securosis this week centered around the Conficker worm. As Rich blogged earlier in the week, he got a call from Dan Kaminsky on Saturday with the outline of what was going on. Rich and I scrambled Saturday to reach as many AV vendors as we could to get the word out. While some were initially a little annoyed at getting called on their cell phones Saturday afternoon, everyone was really eager to see what Tillmann Werner and Felix Leder had discovered and get their scanning tools updated. I expected things to be quiet on April 1st. A lot of security researchers have been watching and studying the worm’s behavior, and devising plans for detecting and containing the threat. I imagine the authors of the worm are reading every bit of news they can get their hands on and learning how to improve their code in response. This has been fascinating to watch. Thanks again to the Honeynet Project and Dan Kaminsky for doing a great job, and for involving us in the effort.
On a more personal note, you probably have noticed that neither Rich nor I have been blogging as much lately, partially due to our desire to not create more work for ourselves prior to the new site launch; partially because, well, family comes first. For those of you who know me, you know I have dogs. When people ask me if I have kids, I typically say “No, I have dogs.” What I mean to say is “Yes, several; of the four legged variety.” March has been a terrible month for me because in the first few days one of my puppies went into kidney failure as she had been prescribed the wrong pain medication and dosage. I spent 5 days at the emergency vet clinic with her, even signing the DNR papers as we did not think she would make it. Happy to say she did, and is slowly recovering her ability to walk and some of the 30 lbs. she lost. A couple of days after I got back from Source Boston, her brother, and our all time favorite, started having trouble breathing. To make a long story short, we found cancer everywhere, and he only made it five days after his first visible symptoms, dying in my lap Tuesday morning. We know even several of you hardened veterinarians and long time breeders who have “seen it all” shed a tear over this one, and Emily and I understand and appreciate your heartfelt condolences. Looking forward to a much brighter and happier April.
And now for the week in review… at least what little of it I managed to notice:
Webcasts, Podcasts, Outside Writing, and Conferences:
- Rich presented “Building a Web Application Security Program” at the Phoenix SANS training. We’ll get it posted once we transfer over to the new site.
- Rich’s article on Search Security on Data Loss Prevention Benefits in the Real World is available.
- Rich and Martin hosted episode 144 of The Network Security Podcast this week, covering not only Conficker news, but also a ton of stuff regarding security on the Mac platform with Dino Dai Zovi. Even recommended by the Macalope!
Favorite Securosis Posts:
- Rich: Looking forward to getting ASS Certification.
- Adrian: Rich’s post on Detecting Conficker
Favorite Outside Posts:
- Adrian: Know Your Enemy: Containing Conficker was a fascinating paper.
- Rich: From Anton Chuvakin’s Blog: Thoughts and Notes from PCI DSS Hearing in US House of Representatives.
Top News and Posts:
- Microsoft Security Advisory 969136 for MS Office PowerPoint.
- Internet too dangerous? I think most people just do not appreciate how dangerous it is.
- Conficker ‘eye-chart’. This is a great idea and works for several malware variants.
- One topic I really wanted to blog on this week was the Internet Crime Complaint Center report that incidents (discovered and reported, of course) were up 33% year over year.
- Mini-Botnets. Smaller, just as much of a problem.
- The Open Cloud Manifesto. Ugh. Too many grandstanders with too little to say. If Hoff wants to fight that fight, fine, but it feels like yelling at the wind to me. Just not worth the time jumping into this mess until there is a bit more of a market. Don’t get me wrong: Rich and I will cover cloud and virtualization security in the future, maybe even this year. But not in response to this, and when we do, we will try to have something to say that does not suck.
Blog Comment of the Week:
This week’s best comment was from ‘Anonymous’:
@Andre, I think once the Institute store makes its exclusive gear available, you should be the first to buy an ASS hat.
We are working on the merchandise page for the new site … we will be sure to stock those hats.
Reader interactions
3 Replies to “Friday Summary, April 3, 2009”
Alane:
My sympathies for you and your dogs. I like most dogs a lot more than I like most people.
Rob
Rich has my address so he can send me a complimentary hat, preferably black in color. No relation to BlackHat or “being a black hat”, obviously. Or not obviously.
Some caps have a cloth band instead of a plastic one that velcros or belts for size adjustments. I think that would be a good place for “www.securosis.com”, but clearly the front of the hat has to predominantly demonstrate that I’m an ASS (otherwise, what’s the point?).
Gary McGraw likes black baseball caps, too. He was really jealous of mine at Verify Conference last year. I heard that Cigital has their own certification in the works called SISSY:
Secret Internet Software Security Yokel.
I plan on getting both certifications as soon as I can!
Whoa whoa whoa, Adrian…
The Open Cloud Manifesto has NOTHING to do with the CSA…the CSA is not me “fighting that fight” at all…
As I mentioned, it’s unfortunate that the OCM debacle hit prior to the announcement of the CSA.
The CSA is a group of practitioners who are working together with Industry to help drive discussion and move the ball along in terms of solutions. The CSA is not in response to the manifesto…it’s been on-going for quite some time.
Please do NOT get the two things confused.
/Hoff