Zombies
Stories of zombies originated in the African Caribbean spiritual belief system of Voodoo, which told of the people being controlled as laborers by a powerful wizard.

Communication Break Down

Posted: April 10th, 2010 | Author: Matt | Filed under: Brain Dump, InfoSec | 1 Comment

I guess there would have to be communication between parties to begin with…

I’m not talking about writing on your best friend’s Facebook wall or flirting with that gorgeous 18-year-old on Mixit (mostly because she’s probably a creepy 37-year-old man living at home with mom). I’m talking about getting a decent conversation going with your peers. Perhaps it’s because I am still very naive and not yet jaded about the industry I work in, but I firmly believe that we need to talk more. A whole bunch more. We are all in this together; we just choose to be on different fronts. Like it or not, if you’re in the Information Security game you’re fighting a battle. And the other team has more money, bigger guns and they don’t clock in or out. Ever. And if the stats are to be believed, they’re winning. Yes, we may win the odd battle every now and again, and I am certainly not trying to take anything away from anyone on my side, but yeah, it’s a little rough out there at the moment.

My biggest issue really is that we suck at getting new guys in. It’s something that Dave Shackleford got across very well in a couple of blog posts and something that locally was dealt with very well by ZaCon/zacon/ZACON/zAcOn/etc.etc.etc. But essentially, at the end of the day, there still seems to be that feeling of “oh you’re new here, just sit in the corner and shut up”. Or perhaps that’s just me and I’m hanging around in the wrong circles. I have been faced with this problem a couple of times. I am not afraid to pick up a book or read the fine print on the best of occasions, but it would be great every now and again to not have to worry about “oh god, I’ll look like an idiot if I ask this so I’m not gonna”. A couple of times while in Durban I was approached by guys wanting to get into the game and get their Security careers started, but at the same time they complained about how difficult it was to find help. To me this paints a fairly bleak picture for our future. Or perhaps I’ve grown too cynical during the course of this article?

So what’s the solution? I always get told that if you’re going to point out a fault or issue with something, you best come with a solution or a bottle of very good whiskey. I prefer whiskey most of the time, but here’s my solution. And unfortunately for me, my solution is going to be “state the obvious”. Not because it’s the easy way out, because at the end of the day it’s not. The solution is to give the “leet” thing a rest and help someone out. If you can see someone battling with an idea, concept, piece of code or some such hurdle, give the guy a hand. If you can’t help him out, point him in the direction of someone/something that can. I had a case recently where I was tasked to do something which I didn’t even have the foggiest clue about where to begin. No, I don’t want to be spoon fed, but if you expect me to build the aeroplane we’re going to use to fly over that smoking volcano, at least point me in the direction of the toolbox. Because if push comes to shove and I’ve missed a bolt somewhere for some silly reason, we’re all screwed.

To be honest, I’m not entirely sure where I wanted to go with this. Mostly it was probably a small rant I needed to get off my chest for whatever reason. Anyway, I suck at crypto so I’m going to play with OpenSSL until I understand it a little better. Probably because someone said it was a good place to start.


Malware/Anti-Virus

Posted: October 12th, 2009 | Author: Matt | Filed under: Brain Dump, InfoSec, malware | No Comments

The days of signature based malware / trojan detection are over. We are now living in some of the most dangerous times to be using the Internet, to the point that I wonder whether it’s even worth sticking around. Farming cats in the Karoo sounds like a far safer and less stressful job anyway. Long gone are the days when a cute character of the author’s choosing would run across your screen and moon you. These days, with humanity’s greed, it’s all about how quickly and easily a 0-day can be transformed into a working exploit which can either be sent out in a (spear)phishing attack or hosted on some web server with JavaScript doing the rest of the work. And the worst part of it all is that we are constantly playing catch-up.

When new malware is introduced into the ecosystem that is the Internet at large, we rely on someone catching a specimen of this malware and either analyzing it themselves or sending it through to one of the big AV vendors who will analyze it and produce a signature which will then disseminate out to paying customers. This whole process leaves gaps which are filled by zombies and eventually botnets which plague not only home users, but big corporates. No one is safe.
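To make the gap described above concrete, here is an added illustration (not code from the original post) of how a signature database behaves once a specimen has been submitted and a vendor has produced signatures for it. The sample "files", the signature names and the call-home URL are all constructed for this example; the point is that a full-file hash catches only the exact specimen, a byte-pattern rule generalizes a little further, and nothing at all fires before the specimen reaches whoever writes the signature.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Union

# Constructed stand-ins for files on disk: a known specimen, a variant of it
# with one token changed, and a benign program. None of this is real malware.
KNOWN_SPECIMEN = (
    b"MZ\x90\x00 ... CALLHOME http://c2.example.invalid/gate.php ... payload ..."
)
VARIANT = KNOWN_SPECIMEN.replace(b"payload", b"PAYLOAD")  # trivially rebuilt copy
BENIGN = b"MZ\x90\x00 ... hello world program ..."


@dataclass
class HashSignature:
    """Whole-file SHA-256: only the exact submitted specimen will ever match."""
    name: str
    sha256: str

    def matches(self, data: bytes) -> bool:
        return hashlib.sha256(data).hexdigest() == self.sha256


@dataclass
class PatternSignature:
    """Byte-pattern rule in the spirit of a YARA string: survives small edits
    elsewhere in the file, but still needs an analyst to pick the pattern."""
    name: str
    pattern: re.Pattern

    def matches(self, data: bytes) -> bool:
        return self.pattern.search(data) is not None


Signature = Union[HashSignature, PatternSignature]


def build_signature_db(specimen: bytes) -> List[Signature]:
    """What comes back from the vendor after a specimen is analyzed.
    Signature names are hypothetical."""
    return [
        HashSignature("Trojan.Example.A/hash", hashlib.sha256(specimen).hexdigest()),
        PatternSignature(
            "Trojan.Example.A/pattern",
            re.compile(rb"CALLHOME http://[a-z0-9.-]+/gate\.php"),
        ),
    ]


def scan(data: bytes, signatures: List[Signature]) -> List[str]:
    """Return the names of every signature that fires on the given bytes."""
    return [sig.name for sig in signatures if sig.matches(data)]


# Before anyone has caught a specimen there is no database: this is the window
# the post describes, during which every sample scans clean.
EMPTY_DB: List[Signature] = []
SIGNATURE_DB = build_signature_db(KNOWN_SPECIMEN)


if __name__ == "__main__":
    for label, blob in [("specimen", KNOWN_SPECIMEN), ("variant", VARIANT), ("benign", BENIGN)]:
        print(f"{label:9s} before signatures: {scan(blob, EMPTY_DB)}")
        print(f"{label:9s} after  signatures: {scan(blob, SIGNATURE_DB)}")
```

Running it shows the specimen hit by both rules, the one-token variant hit only by the pattern rule, and the benign file clean throughout; swap the pattern for something too specific and the variant joins the "clean" column, which is exactly the lag the paragraph above complains about.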

Conficker, while a great example of what can be done by the community at large, is still very badly understood. No one seems to know why it’s out there and what it’s truly capable of. The media didn’t help us at all around April 1st either with all the hype that went around. I think the awful catch phrase of “Cyber Katrina” was thrown around with gay abandon. Please don’t get me wrong, I am not bashing the groups who worked on the Conficker Working Group, they did tremendous work. I am just worried that there is a fairly serious piece of malware floating around which no one seems to really know the capabilities of.

What are we going to do about this? Switch to multi-engine scanning on our AV? Move to a more proactive IDS/IPS setup? How does this really help the little guy in the street? Do you think Joe Average, who just wants to download the latest funny video from that site that needs that special codec from that other site that ends in .ru, cares? Oh wait… I’ve gone cross-eyed. Am I the only person who is still worried that we are relying on vendors whose principal goal is to make money for our anti-virus updates? They’re not going to do anything rash, are they? Yes, they’re out to help us, but at what cost?

I fear I may have too many questions and doubts with not enough answers. All I know is that there is a very, very wild west (and east) out there and suddenly, running my web browser in a Virtual Machine or Live CD doesn’t sound like such a bad idea.

Hold that thought, I’m going to fire up VMware Fusion.