Channel: Network Forensics Blog » malware
Browsing all 6 articles

Finding Aurora (googlehack)

I was helping a fortune customer yesterday determine if they were targeted by Operation Aurora. From everything we know to date, they were not. How do we know this? We looked. In 15 minutes or so, we...

IDS Legacy is Institutionalized Failure

The news is rife with discussions about systemic failures in the intelligence community.  It is a good thing we do not judge information security on the same scale of success.  I know of not a SINGLE...

Move over China, here comes Russia

While the world took pause to consider the implications of Operation Aurora, and Google lent considerable voice to the concept of Advanced and Persistent Threats (APT), we can ill-afford to believe...

Kneber Update

There was a significant amount of coverage yesterday on research performed by NetWitness into a large set of stolen information recovered from a ZeuS botnet.  Some of the information, analysis, and...

Network detection of x86 buffer overflow shellcode

Overview: This technique can detect overflow exploits against software running on the x86 platform, meaning it applies to Windows, Unix, and Mac shellcode. It not only works independently of OS, but it...

They are watching you…and your security vendors.

If you’ve ever seen me, or any of the NetWitness crew, speak on malware, advanced threats or the current threat environment, you’ll generally hear more than one recurring theme, one of which is: Your...
