Amrit Williams Blog
Observations of a Digitally Enlightened Mind
-
On Conficker: The Return of the High-Profile Mass Infection Worm
Their back! It has been awhile since we had a good old fashioned, highly publicized, hysteria inducing, globally distributed, mass-infecting worm. The AV vendors (here) and (here) must be ecstatic that 2009 is really turning out to be the year of the largest security incidents since the beginning of …
-
Open Cloud Computing Manifesto: Much Ado About Nothing
So apparently a group of technologists and vendors working under the cloak of digital darkness drew out a pentagram and locked arms as they called out to Cthulhu to manifest and drive out those that would oppose their ultimate aims of total and complete world domination. Domination brought about thr …
-
From the RSA Security Blog “Understanding the Crowd: To Catch a Thief”
Sam Curry from RSA recently posted some thoughts on a paper we have been working on and presented at Source Boston (here)in the coming weeks we will detail the research and the modifications we have made since first presenting the draft over a month ago. Last week, Amrit Williams and I presented the …
-
Location-Aware Malware Becoming a Reality
Trend Micro posted on a recent location-aware malware scheme to target individuals using local information (here) - hat tip to Krebs for the post (here) On Monday, security firm Trend Micro began warning people to look out for bogus Reuters breaking news e-mails warning of explosion or other various …
-
Beyond the Perimeter: New Podcast Series
There is a new podcasts series that we have recently announced. You can review the first series of podcasts (here) - we have some really exciting guests lined up and rumor has it there will be a co-host joining me as well - enjoy!
-
How Cloud, Virtualization, and Mobile Computing Impact Endpoint Management in the Enterprise
I had an interesting conversation with a peer recently that started with a statement he made that innovation was all but dead in security. The implication was that we had done all we could do and that there was very little more that would be accomplished. Of course I felt this was an overly simplist …
-
SIEM, ESM, GRC, and Why compliance sucks
The latest video from Demos on Demand (here) with a lively, fun conversation moderated by Stiennon (here), including Mckeay (here), Murray (here), and myself. Some people have been telling Mckeay that he held his own, I think Murray must have hypnotized him - enjoy
-
Fear and Loathing in Davos
Few things can evoke more uncertainty and doubt than fear (here) The threat of cybercrime is rising sharply, experts have warned at the World Economic Forum in Davos. Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themsel …
-
The Economics of Cybercrime and the Law of Malware Probability
Sam Curry of RSA (here) and I will be presenting on this topic at Source Boston Security Conference March 11-13th (here). The lineup looks fantastic and Im excited about the opportunity to share this research. In the meantime and since we havent really completed or fully published the paper here is …
-
2009 The Year of the Largest Security Incidents Since the Beginning of Forever
F-Secure is reporting that 9 million PCs are now infected with the conficker/downup/downadup/kido worm (here), which would make it one of the largest and most infectious worms we have seen in a long time. In an era of sophisticated, stealthy, financially motivated cybercrime it is interesting, to sa …
-
Open Letter to Barack Obama: Securing Critical Infrastructure - The First 90 Days
Dear President Obama, As America enters a new era that has already begun to reflect the leadership, the change, and the hope of your presidential campaign, it is imperative that we take this opportunity to implement a vision for how the United States and the world will securely and efficiently maxim …
-
Demos on Demand: Data Leak Prevention
I recently had the opportunity to sit down with Richard Stiennon (here), Martin Mckeay (here) and Mike Murray (here) to discuss a series of security topics. The first discussion focused on DLP and the result of that conversation is located (here). It is always disconcerting to see yourself in video …
-
“Happiness” my new password for 2009
Wired reports that the 18 year old hacker (age is not relevant but it always fun for the media to point out that some hacker is still in his teens) responsible for breaking into Twitters administrative account and gaining access to several celebrity twitter accounts used a password cracker that bust …
-
Browser Security Fail, MD5 broken, CA gone rogue
A group of security researchers (Alex Sotriov, Jacob Appelbaum, Mark Stevens, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne De Weger) have identified a vulnerability in the public key infrastructure used to issue digital certificates for secure websites. As a proof of concept they have shown th …
-
The Internet is Doomed, Again, For the First Time Since the Last Time…
As we end the year we have the last of the IEEs (Internet Ending Events) in 2008 as Alex Sotirov (here) and Jacob Appelbaum (here) provide details as part of their presentation Making the Theoretical Possible at the 25c3 - 25th Chaos Communication Congress (here), for those not able to attend the co …
Amrit Williams Blog
