Back to Top

Monday, April 28, 2008

Random thoughts and commentary

Via the Erratasec blog: Race to Zero. From the webpage:

The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008.

The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.

My prediction (if I may be so bold): someone will come with a homebrew protector and will defeat all AV engines in 5 minutes (unless some hyper-sensitive engines are used, but (a) even those can be defeated, you just have to work harder to make your code look innocent and (b) these engines are usable only in very limited settings due to their high false positive rate). This will bring to the public attention (once again) the fact that AV products protect against the known, not the unknown and if you basing your security solely on them and not considering layered approaches, you have a high probability of being affected. And AV products provide almost zero protection against malware specifically targeted against your company!

Via AlertLogic: To defeat a malicious botnet, build a friendly one. First of all, as the AlertLogic post noted, the title is a very bad one (just like the story coming out of MS Research that they are planning to use worms to distribute patches). Second, this sounds like building a friendly fast-flux network. Three comments:

  • Who in their right mind would agree to use her/his computer for something like this?
  • It just shifts the target from the content-server to the content-locator server (DNS) which can be taken down (although not that easily)
  • It still is possible to DDoS the service if it does at least some processing (like querying a database) and doesn't just serve up static pages (which can effectively be cached by the routing nodes)

Via the Hacker Webzine blog: Overflows The Visual & Audible Way. This is way cool. Although I've dabbled with creating custom chips (using FPGA's), actually hearing the computations is incredible.

This also reminds me of something I've been pondering about: how under-utilized our senses are by current UI interfaces. You can't find mane examples of meaningful and useful audio-feedback outside of the computer games for example, although IMHO it is a very good method to notify the user of low-priority (or even high priority) events.

A few thoughts about the security implications of Amazon's computing cloud (EC2)

Nix - a purely functional package manager. This is a *NIX solution for the DLL hell. I've skimmed through the papers because I was interested in how they handle the update of different, but dependent components (for example, lets say that OpenSSL has a bug and I upgrade it, how will Apache - which depends on it - react to this). Nothing very interesting (but maybe I didn't get to the core of it). If you want to see a working and widely used implementation of something similar, check out Windows Side by Side (or SxS as it's better known). There is also a Channel 9 video about it

Wine is nicely enabled? - not so much for me. I never managed to make something really work under Wine and was plagued by small (but very annoying) details. These days I just run a Qemu VM with XP in the background and RDP into it.

Git, a distributed version control system and merging: Git merging by example. It all boils down to Git just does the right thing (like Perl).

Via the Grand Stream Dreams blog:

Finally, a post about hardware security. Very good and very scary.


Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.