An Information Security Place

Commentary on the State of Information Security

Archive for June, 2008...

Filed under Security

I would like to announce my new partnership with TradePub.com.  They offer a lot of subscriptions to trade publications and whitepapers that are relevant to many different industries.  The Resource Center is over on the left in the first sidebar.  You can choose a category using the widget there, or you can just click on the top of it and go to the page to choose more resources.  I hope you find some stuff there you can use. 

Vet

Posted by Michael Farnum on Thursday, June 26th, 2008

Filed under Security

I have been off this whole week working at Vacation Bible School at our church.  I am in charge of eleven screaming kindergartners.  Hmmmm… security or 5 year olds?  Those kids make Russian hackers look like weenies. 

Vet

Posted by Michael Farnum on Wednesday, June 25th, 2008

Filed under Security


I wrote a post here the other day that explained that I would not be loading FF3 on my laptop until some flaws were discovered and fixed first.  Then I wrote a post over at my CW blog the next day after a flaw had been found (you need to go read the post to understand the rest of this post).  It was not an "I told you so" post.  Rather it was a post asking people their motives in downloading and installing FF3 so quickly.  After all, this was a MAJOR upgrade, not a bug fix.  Of course, that just pissed off ol’ NickF (whoever he is).  His comment is below:

1. It’s faster, much faster than FF2, mostly in handling JavaScript. And yes, it is MUCH faster than IE7. Before you brag about IE7 being faster than FF2, you should look at FF3, to see how FF2 and IE7 are slow.

2. It’s much more efficient than FF2, and IE7, less memory is used, and more efficiently.

3. The world my friend, moves on. It’s called progress. Since FF3 is free and it’s a proven enhancement over the current version, you might want to give it a try. Besides, would you hold on IE8 when it comes out? Would you refuse an automatic update from MS? About Safari?

I honestly hate when people criticize products they haven’t even tried. It’s not FF vs IE flamewar that bothers me, it’s really the lack of spirit in trying something new before writing an otherwise pretty pointless article.

And since I didn’t want to aggravate any of my editors over at CW, I am writing a reply here.  I am, however, linking to this post in the comment section over at CW.  So here goes:

@NickF,

"Before you brag about IE7 being faster than FF2, you should look at FF3, to see how FF2 and IE7 are slow."

First, I have no reason to brag about IE7.  I was not on the IE7 development team.  Second, and more importantly, did you even read my post?  I said I would download FF3 WHEN they have made some fixes. 

"Since FF3 is free…"

IE7 is free.  It comes with the operating system.  Oh wait, you have to pay for Windows, so it’s not free… semantics.  You can get either one, and you’re not shelling out money for it.  You might not be able to get IE anywhere but on Windows, but hey, that’s good for FF, right?

"…and it’s a proven enhancement over the current version, you might want to give it a try."

Again, did you read my post?

"Besides, would you hold on IE8 when it comes out? Would you refuse an automatic update from MS? About Safari?"

Nice question to ask a security person.  The answer is "Yes".  I don’t load major updates on major apps that have huge potential to be avenues for malware, etc. until I have done some investigation.  That is why I have said I won’t load FF3 for a bit.  I did not load IE7 for months after it came out.  The only reason I loaded the newest Safari was because it was a bug fix for a flaw.  It went from 3.11 to 3.12, not 3.11 to 4.0. Big difference.

"I honestly hate when people criticize products they haven’t even tried.  It’s not FF vs IE flamewar that bothers me…"

First, I am glad you honestly hate it instead of dishonestly hate it.  That’s so much better.  Second, did I flame any browser? No.  Did I criticize?  No. If anything, I did the opposite of flame and criticize (whatever that might be called).  I said "I use FF.  I also use IE, and I also use Safari for Windows (yes, I updated to 3.1.2) because I like features in each."  AGAIN, did you read my post?

"…it’s really the lack of spirit in trying something new before writing an otherwise pretty pointless article."

Come on, NickF.  I never said you should NEVER go to FF3.  I never said IE rules and FF drools.  I never said anything bad about FF as a browser other than it is susceptible to some of the same flaws.

So, one last time.  DID YOU READ MY ARTICLE????????????  Or did your knee just jerk when someone dared question FF3?  My article was about asking motives.  If you would have calmly digested my article rather than just reacted, you would have seen my points.  Instead, you couldn’t resist moving this issue to the religious side of the aisle.  You claim to be honest about your motives, but you’re not.

Vet

Posted by Michael Farnum on Saturday, June 21st, 2008

Filed under Security

I apologize if you have made some comments in the last few weeks and they have not shown up.  I get an email from Intense Debate that comments need moderation, but sometimes I miss them or don’t read the email correctly or whatever other lame-brain excuse I can come up with.

They should be there now.  I know you all were wondering what was going on. :)

Vet

Posted by Michael Farnum on Friday, June 20th, 2008

Filed under Marketing, Security, Security Reselling

OK, Armageddon is officially here.  Alan Shimel has made the comment that security marketing might not be "worth the paper it is written on".  Holy crap.

Though I am just having some fun with Alan, this still makes me wonder if the comments from Greg Ness (quoted in Alan’s post) are right.  Are the days of "entrapment marketing" over?  I am not in the position of getting a thousand calls everyday as a security manager anymore, but I do see a lot of those whitepapers still out there.  I still get a lot of email asking me to download them.  But Greg is also right that social media is taking over a lot for this.  That is why I created a talk / presentation where I talk about how to use security blogs as research tools.

Marketers MUST recognize this trend.  I still see a lot of old school marketers out there trying the old ways.  These people are either not adaptable, or they just have been under a rock for the last few years.  I get too much info on new products and trends from blogs for it to be worthwhile to download whitepapers that some vendor wrote.  Just doesn’t make sense.

Thanks for the post, Alan.  I am in Heaven! :)

Vet

Posted by Michael Farnum on Thursday, June 19th, 2008

Filed under Security

I’m waiting.  Sorry I couldn’t contribute to "Download Day".  I guess I could have pulled it down and not installed like Martin, but I didn’t.  I just didn’t want to waste my time because I know there will be a new release in a few days that fixes a bunch of crap, and probably another one soon after that.  I know it is Firefox, but they are catering just as much as MSFT anymore, so there will be vulnerabilities.  I don’t feel like making my machine vulnerable to anything else.

Vet

Posted by Michael Farnum on Thursday, June 19th, 2008

Filed under Rant

I get a lot of foreign-language spam, and most of it gets sent to junk and deleted.  So while searching through my email today, I ran across these three emails.  The bottom two emails are identical, but when I saw the first couple of words, I thought they were foreign and almost hit the delete key.  Then I noticed they were from companies with crazy names.

[image: screenshot of the three emails]

Is it just me, or are these company names getting crazier and crazier?  Do they run these things through a random word generator or something?  And sometimes I wonder why they even bother since they are probably just going to get bought in a couple of months anyway.  Might as well just call them "Company A".  Does the name mean that much?  I know sometimes I get kinda confused when a tech company name does not reflect at all what they do or produce, but come on.  Anyway…

</rant>

Vet

Posted by Michael Farnum on Wednesday, June 11th, 2008

Filed under Security

Well, I was hoping for more people (it is hard to tie Houston people down), but I am counting this BayouSec as a success because of the presentation by Adam Pridgen (see below).  Adam reverse-engineered a bot and stepped through the process for the group.  I have to say that much of it was at a level I don’t play in since I am not a developer, but the process was very interesting to see. 

If you live in the Houston area and didn’t get to make this one, please consider getting to the next one (haven’t set a date yet).  I am working on getting more people to speak.  Some of the smart guys at Alert Logic have said they would do some talks, and I plan on doing a couple myself (who wouldn’t want to see that, right?… RIGHT??)

Here’s Adam’s preso and the video that went with it.  The video is kinda hard to see at times.  Too many windows and too small a font.  But Adam said it was his first time at doing the video capture.

Adam’s Presentation

Adam’s Video

Vet

Posted by Michael Farnum on Monday, June 9th, 2008

Filed under Security

It is at the Alert Logic facilities @ 1776 Yorktown, 7th floor, just south of the Marathon Oil tower on San Felipe.  It will start at around 6:30pm.

Below is the information on the talk and the speaker.  I expect the talk to last about 25 minutes, and then it will be open to questions and comments.  We can just let it grow from there. 

Thanks to Adam Pridgen for volunteering for this.  In the future, if you have something you want to speak on, please let me know.

Michael Farnum

—————————-

Speaker:

Adam Pridgen

Title:

Reverse Engineering Software with Basic Protections

Summary:

The presentation will cover the basics of reverse engineering malware or any other software protected with basic protectors and packers using ImmDbg, IDA Pro, LordPE, ImpRefound, Wireshark, and an IRC server.  The presentation will walk through dumping the malware to disk, and then cover the general process I used to identify the command structure, functionality, and required parameters to interact with the malware sample.

Bio:

Adam Pridgen is an independent security researcher and contractor.  Previously, he worked for Foundstone Professional Services where he was involved with code reviews, threat models, penetration testing, among other tasks such as teaching and lab development for Foundstone’s Ultimate Hacking classes.  Prior to Foundstone, he spent a little over five years in the security community working on software development projects, software testing, and in telecommunications for a variety of organizations.  Adam’s most notable accomplishments include an MS and BS in Electrical and Computer Engineering and an Honorable Discharge from the US Army.

—————————-

Posted by Michael Farnum on Thursday, June 5th, 2008

Filed under Rant

Why is it when you praise Vista or slam Mac, you are a dumbass and a MSFT shill, but when you praise Mac and insult Vista, you are a wonderful and enlightened person?  This comes from observation of the blogs over at Computerworld (blatant plug - I blog over there as well).

Look at Seth Weintraub’s blog.  His blog is called Apple, Ink.  He writes about Apple and the wonders contained therein.  Look at his ratings.  Very few are anything less than +20, with many +30 and above.

Now, look at Preston Gralla’s blog.  His blog is called Seeing Through Windows.  He is typically pro-MSFT and even fairly anti-Mac.  Now look at his ratings: -100, -103, -182… Sheesh.  And he gets flamed every time in his comments as well, constantly being accused of being on the MSFT payroll. 

I don’t have a Mac.  I run XP on my laptop, and my wife’s new Dell has Vista.  And honestly, I wanted to try a Mac when we started looking for a new computer.  But the reason I didn’t buy one was because of price.  An Apple would have cost me twice as much money.  I can’t use the learning curve argument because Vista and Office 2007 changed everything up and drove my wife batty.  But at least it was a lot cheaper than a Mac, and it is damn fast (quad core, 3 gigs RAM, 7200 RPM SATA HD, 128 meg nVidia video card, etc etc).

So if you own a Mac and you think it is the best thing since sliced silicone, then more power to you.  Just get off your preppy horse with a quasi-Mohawk and an earring and quit telling us PC owners that we are stupid.  Sheesh…

Vet

Posted by Michael Farnum on Tuesday, June 3rd, 2008