marklon

This is a blog about security, coding and malware in no particular order. I write as a techie who handles security escalations from about 1/3 of the world. I spend a lot of time talking to customers with compromised networks.

Tagged Content List
  • Blog Post: Measure and counter measure – malware and anti-malware

    There is a small, high-tech and rather geeky war going on and the battlefield is your PC. Like any war, each side is trying to learn from the other. This war is for the ownership of resources – and ultimately for money. Maybe most wars are. Let us look at some of the details. Much as it irritates...
  • Blog Post: Malware that wants to stay - Some passive protection tricks

    Hello again. I wanted to talk about some of the things that malware does to make itself hard to remove. Most Trojans are designed to work on an average XP workstation and make assumptions based on that – which typically breaks servers in rather nasty ways. I was recently looking at a Russian...
  • Blog Post: Security Updates - Are they the answer?

    Ah, another “update Tuesday” – known to the rest of the world as “patch Tuesday” but we are not supposed to call it that. We have a fine crop of updates for you but I am not going to talk about those, partially because we won’t be releasing them for several hours and partially because that is the...
  • Blog Post: Antimalware tools and tricks

    Ah, I am back in the office and settling in to my normal day-to-day work. I am fairly often asked to remove malware from systems which the anti-malware programs on that particular PC system can’t handle. In fairness, it is often not the AV product’s fault. Most (more than 75%) of malware is actually...
  • Blog Post: Doing it yourself.

    Hello again. Two blogs in less than 48 hours? Whatever could be happening? No, this is not a reference to the issue documented in http://www.microsoft.com/technet/security/advisory/943521.mspx which is interesting but certainly not widely exploited in Europe. No, today I would like to relate what I...
  • Blog Post: You can't get the staff – Social engineering

    Sometimes I like to talk about software engineering but today I would like to ramble on about a different subject: Social engineering. Social engineering is a common technique for getting malware on systems and of course, for Phishing. The “419 scam” (named after the section of the Nigerian penal...
  • Blog Post: Malware: mitigating maladies might matter

    Well, another update Tuesday done and dusted. We are not supposed to use the word "Patch". So, the question that I left you with was what could be done to make it safer to run on a compromised computer; that is to ask how could you mitigate the risks? The answer is that it very much depends on the...
  • Blog Post: Can you break Law #1 and get away with it?

    To save you scrolling down, let me restate Law #1 of the immutable laws of security: " If a bad guy can persuade you to run his program on your computer, it's not your computer anymore" Is there any possibility that it is safe to do business with a computer that has malware on it? The blanket answer...
  • Blog Post: Living in an unsafe world

    Hello ladies, gentlemen and others. I am sorry that I have not blogged for a little while. I have been a little occupied with some pro-active stuff for a change. I was on training last week with David Solomon (smart fellow) and I have been preparing for a talk that I will be delivering in Stockholm...
  • Blog Post: Trust me if you dare...

    Paranoia: baseless or excessive suspicion of the motives of others. What percentage of computers are compromised in some way? No-one knows for sure but there are estimates. Not many servers – but compromises of those tend to be critical. Some of the systems in a managed environment may be compromised...
  • Blog Post: Being held to account

    Hi there. Sorry that it has been a little while since my last post. I have been away at a customer’s site. As usual, I can’t say where I was or what I was doing but I left at 3 hours’ notice to go there and spent pretty much an entire day in an economy class plane seat. I thought that I would share...
  • Blog Post: Targeted attacks - a sniper rifle, not a scattergun

    Malware is often thought of as an equal opportunity nasty. After all, real viruses affect the rich and poor equally. However, things are not as they once were. In the heady days of Blaster and Slammer and Nimda et al, the malware would infect anyone that it could. Worms are not often found these...
  • Blog Post: Risky business whatever you do...

    Wow – The code review entry was really popular. I have to admit that I have never used a code review tool and they may be wonderful. I tend to plough on through the code just to be sure that I haven’t missed anything. I don’t do that many code reviews so it comes as something of a break from...
  • Blog Post: How malware likes to hide

    Well, technically, how malware writers like to hide malware. In my last post, I talked about subversion – hacking the OS not to see the malware. That is part of the rootkit. Not all malware uses a rootkit and all malware has to avoid detection by signature based anti-malware tools like standard anti...
  • Blog Post: Subversion... something nasty lurks

    Subversion is defined by our friends in the Princeton U’s English department as follows: subversion noun 1. destroying someone's (or some group's) honesty or loyalty; undermining moral integrity; "corruption of a minor"; "the big city's subversion of rural innocence" [syn: corruption]...
  • Blog Post: Malware over the years. It is only paranoia if they are not out to get you

    In a slight change of pace, I would like to talk about malware and how things have evolved. I am not exactly a spring chicken which surprises some people because I am still part of the support organization. I like it here – I am working on real problems that affect real people. Working on pivot tables...
  • Blog Post: Subtle holes let in the most dangerous people

    Hello again. As Will correctly pointed out, the signed/unsigned ‘conversion’ will break the code here. Some of the things that make code less than secure can be very subtle indeed. If you didn’t see the comment then I will restate the point here. With a signed comparison, an integer comparison with...
  • Blog Post: Buffer overruns - keeping the inside in

    Ah, another “Patch Tuesday” or “Update Tuesday” as we are supposed to call it. Patches have traditionally been replacements for only part of files and we typically replace multiple files. So, last blog, I wittered on about why buffer overflows were a bad thing. Of course, you already knew that...
  • Blog Post: Buffer overruns and old school exploits

    I was asked to talk about Buffer overruns and I am happy to do that – although you will forgive me if I don’t give sample code, I hope. We don’t often talk about this but the BlackHats all know this material so I guess that it doesn’t much matter. In the old days, there was a programmer’s trick...
  • Blog Post: Protecting against SQL injection attacks

    Ah, another “Updates Tuesday” done although it will be a busy time for a few days yet. We often get questions after we release security bulletins which range from the very simple “Should I install this critical update?” to the horribly complex “Would any OLE streams in the compound document format allow...
  • Blog Post: Secure code - things to consider, part 1

    Writing secure code is a very good thing. So is designing secure applications. Together, they make up a piece of the puzzle and you need both if your app is not to be a vector for an attacker. I know that a lot of developers don’t consider security until integration testing/documentation/other things...
  • Blog Post: All change - From debugging to security

    I am back – and sorry to have been away for so long. It has been a bit of a busy time since I last blogged and I would like to explain some of the things that I have been doing since last year. I no longer work in developer support although I am still in the global technical support centre...
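The signed/unsigned pitfall mentioned in the "Subtle holes let in the most dangerous people" teaser above is easy to reproduce. The following is an added example written for this page, not code from the blog or from the post being teased; the buffer size, the function names and the constructed length values are all assumptions chosen for illustration. It shows a length check done as a signed `int` comparison letting a negative length through, the size `memcpy` would actually receive once that length is converted to `size_t`, and a hardened check that rejects negatives and compares in the unsigned domain.

```c
/* Added example (not from the original blog): a length check that is
 * performed as a signed comparison, and a hardened version of it. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_LEN 64   /* int constant (assumed), so 'len <= BUF_LEN' is a signed compare */

/* Vulnerable pattern: 'len' is an int and BUF_LEN is an int, so the
 * comparison is signed.  A negative length such as -1 satisfies
 * -1 <= 64 and passes the check.  Returns 1 if the copy would go ahead. */
int accepts_len_signed(int len)
{
    return len <= BUF_LEN;
}

/* What memcpy() would receive after the implicit int -> size_t
 * conversion of the same length: -1 becomes SIZE_MAX. */
size_t bytes_memcpy_would_get(int len)
{
    return (size_t)len;
}

/* Hardened pattern: reject negative lengths explicitly, then compare
 * both sides as size_t so no sign change can happen in the test. */
int accepts_len_hardened(int len)
{
    if (len < 0) {
        return 0;
    }
    return (size_t)len <= (size_t)BUF_LEN;
}

/* Copy into a caller-supplied buffer using the hardened check.
 * Returns the number of bytes copied, or -1 if the length was rejected.
 * 'dst_len' is the real capacity of 'dst' so the copy cannot overrun. */
long copy_with_hardened_check(const char *src, int len, char *dst, size_t dst_len)
{
    if (!accepts_len_hardened(len) || (size_t)len > dst_len) {
        return -1;
    }
    memcpy(dst, src, (size_t)len);
    return len;
}
```

The vulnerable check never touches memory, so it is safe to call with a negative length; the point is that `accepts_len_signed(-1)` says "fine" while `bytes_memcpy_would_get(-1)` shows the copy length that would follow. Compiling with `-Wsign-compare` does not flag the signed version, because both operands are `int`; the bug is in the type chosen for `len`, not in a mixed comparison.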