Archive for the ‘security research’ Category

Infecting malware with malware

Friday, January 25th, 2008

This story on /. today reminds me of a “what if” thought that I’ve had once before.

Wired story about scientists who plan to use genetically modified mosquitoes to reduce the population of Dengue-carrying insects. The altered genes cause newly born mosquitoes to die before they are able to breed if they are not supplied with a crucial antibiotic. This is a more aggressive approach than the anti-Malaria work we discussed last year.

In the security arms race against black-hat hackers, it’s common for them to copy our security measures and use them against us. Perhaps it’s time we did the same. What if we made malware to infect their malware? I mean, they make malicious stuff to infect victims, so how about us infecting their malware with our payload (malware for malware? If the two terms cancel out, does that make it goodware?) — just like the genetically modified mosquitoes?

Aquarium of viruses and malware goodness

Wednesday, November 28th, 2007

I love pets but am too busy to tend to one. I could take care of a plant, but I can’t take a cactus for a walk. This seems to be right within my realm! I do security research for Websense; I don’t know why I didn’t think of this earlier!

[Image: xkcd-network]

xkcd is my kinda comic. It’s funny and nerdy. Hmm.. I wonder how I can implement this.

The flatscreen LCD would be the most expensive. Then I’d need a pretty beefy machine (as host) to run that many virtual machines. For visualization, I guess I need to translate their actions into a network graph; for instance, if one machine DDoS’s another machine, the graphic would show one node firing small bullets at another machine rapidly. This sounds pretty cool, actually! MMmmmmm …………..

Update: I liked it so much I stuck up a printout of it on my cube wall.

MySpace Phast Phlux Phishing!

Thursday, September 13th, 2007

I blogged at work tuh-day. MySpacitizens should check it out .. it’s a short read.

The most dangerous animal to hunt of all

Friday, August 24th, 2007

An interesting thought by Paul Vixie that I stumbled upon while I was incident handling yesterday.

Basically, he compares the botnet problem to the human health virus/bacteria problem. Medical antibiotics are great, but viruses eventually develop an immunity towards them. Then we are forced to come up with something better. He says that minor incremental stopgap measures against botnet herders cause more trouble in the long run:

Annoying botnet handlers educates them. Don’t do that! Let them succeed at what they try, but watch their every move. Learn to predict what they will do next. Learn how they did whatever they’ve done. Learn who they are. Learn where they live, and where their money comes from. Let them have a wonderful, annoyance-free life, right up to the instant that the front door of their apartment is kicked in and the handcuffs go on. Don’t create more antibiotic-resistant superbugs. Don’t teach them how to be more careful next time, on a painless incremental basis.

Botnet herders are humans just like us, who can think and problem-solve. It’s true that the most dangerous animal to hunt of all is ourselves.

Full post is here.

eBay merchant rating hack

Thursday, June 14th, 2007

If you shop on eBay, did you know that their merchant rating system can be gamed to artificially inflate its positive feedback number? This happened on eBay.co.uk; I learned about this and wrote a short blog post for the Security Labs.

Buyers beware. Read more about it here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=130