Monday, September 19, 2005

New forensic disk image format proposed

Ahoy! Simson Garfinkel has announced the immediate availability o' his new Advanced Forensic Format specification, as well as a bit o' code to help developers integrate it into their own projects.

Arr! There be several good ideas here. How long 'fore this makes it into yer favorite forensics tools?

2005 Underhanded C contest winners announced

Ahoy, me hearties! The underhanded C contest (or, to we pirates, "the underhanded sea contest". Arr!) trains a perspective glass squarely on fine, upstanding looking code with a scurrilous hidden purpose. The winners have just been announced. Check 'em out, or ye'll be forced to drink a bucket o' bilge!

Thursday, September 15, 2005

Near real time spam map

Mailinator has created a nifty new Google map application to track the geographic origins of spam they receive. Check it out!

Monday, September 12, 2005

Good discussion on Daily Dave

If you haven't already, head over to the Daily Dave archives and read through the thread, Hacking: As American as Apple Cider. This is Dave's response to the recent Marcus Ranum editorial, The Six Dumbest Ideas in Computer Security.

Marcus' thesis seems to be that we can prove that many of the bedrock foundations of a modern infosec program are ineffective, so we should instead be focused on other more productive avenues to defense. I find myself sympathetic to this position, though I do not agree with it. His argument that user-level security awareness training doesn't work is obviously false, for example. Although the typical computer user will never know as much as we do about security issues, I've personally observed my own users contacting me with security concerns that were brought to their attention because of our annual awareness training. Can we approach the security of our systems in some better way? Yes, we can and must. Do we know of a workable better way? Well, I don't, so I'm going to keep my eyes and ears open while I continue to implement what I know works.

I also have some problems with Dave's line of reasoning. In his essay "Why hacking is cool, so that Marcus changes his website", Dave tries to go for the high ground, equating hacking with fighting back against repressive regimes. There are some cases for that, I suppose, but that really doesn't seem to apply to any of the cases I deal with, nor with the vast majority of cases handled in this country.

I find hacking cool, of course, if done by authorized personnel. If you're a would-be Chinese dissident, then you've probably got a case there, too. But otherwise, it's not cool at all.

Critical MS patch --- PSYCH!

Ok, this is a bit frustrating. Microsoft recently announced a critical patch would be issued tomorrow (September 13th). MS defines "critical" as "remote execution of code", which sounds reasonable to me. But I'm a bit frustrated about their decision over the weekend to delay releasing the patch. Make no mistake, I'm all for good quality control, but I don't like being told that there's a critical vulnerability for which I'm not allowed to have the patch.