May 09, 2005

Google-aided virus paper (de-embargoed)

A few people read it almost two years ago when I first wrote it, but then I had been asked to keep it hidden. Given the current climate in IT security, I frankly doubt that my research from 2003 could cause anyone a headache, so here is the (now of historical interest) paper entitled Sobig-G: addressing the weaknesses in Sobig-F.

Ultimately it has very little to do with Sobig-F and a lot about efficient distribution of viral code updates.

Posted by arrigo at 03:29 PM

February 15, 2005

IPS, or when incompetence can be provided in hardware

It so happens that I’ve recently had the pleasure to deal with a co-lo provider which also happens to offer a managed firewall service. Their infrastructure is based on some fashionable IPS which provides “security” to the clients requesting it.

The concept of an IPS was born when Gartner, in the person of the renowned security expert John Pescatore, declared to the world that IDS was dead because it was too cumbersome to configure, didn’t deliver, etc. etc. etc. The firewall was rapidly provided with “intelligence” directly from Pescatore’s own private stash and promoted to IPS or “Intrusion Prevention System”, an oh-so-more-catchy term.

Posted by arrigo at 02:55 PM

October 19, 2004

The insider exists and occasionally gets caught

Invariably when I start talking about the insider threat I am bombarded with e-mails telling me that I have it all wrong and that the wily hacker on the Internet is the real danger.

On cue came the news that in Italy the Post Office was ready to be defrauded of 20 million euro thanks to an employee in the Naples area. The article is sadly in Italian, but I've put together a quick translation for the benefit of curious English speakers.

Posted by arrigo at 11:49 AM