http://www.secureworks.com/research/blog Information security analysis and commentary from the research team at SecureWorks. http://www.luhrq.com/research/blog/index.php/2010/8/23/malware-and-the-failure-of-aircraft-systems http://www.luhrq.com/research/blog/index.php/2010/8/23/malware-and-the-failure-of-aircraft-systems http://www.luhrq.com/research/blog/index.php/2010/8/6/black-hatdefcon-18-conferences-recap-part-2 Last Tuesday, Dennis Dwyer blogged about his experiences at DEFCON 18, a computer security conference held in Las Vegas, Nevada. This event comes after the Black Hat computer security conference, which has more of a business and corporate feel. While I did not find this year’s conference as interesting as in years past, there were a number of interesting talks. Below is a quick summation of the talks I found were the most interesting. http://www.luhrq.com/research/blog/index.php/2010/8/6/black-hatdefcon-18-conferences-recap-part-2 http://www.luhrq.com/research/blog/index.php/2010/8/3/defcon-18-conference-recap-part-1 I just returned from this year's DEFCON conference held in Las Vegas. Overall, it was a great time and I enjoyed meeting everyone. This year was my first time attending DEFCON and I was surprised at the number of attendees. There were so many great presentations that I wasn't able to attend them all. Here's a brief recap of some of the talks I enjoyed: http://www.luhrq.com/research/blog/index.php/2010/8/3/defcon-18-conference-recap-part-1 http://www.luhrq.com/research/blog/index.php/2010/6/23/dedicate-a-separate-computer-for-online-safety Some of the advice regarding the adoption of live CDs targets those who have never used a Live CD and are interested in learning how. That is definitely not the average user. The average user is not going to use a live CD until it's handed to them free of headaches, especially not as long as individual financial liability is as limited as it is or until after their identity is actually ruined. http://www.luhrq.com/research/blog/index.php/2010/6/23/dedicate-a-separate-computer-for-online-safety http://www.luhrq.com/research/blog/index.php/2010/6/22/space-weathers-role-in-return-to-stone-age-greatly-exaggerated The Space Weather Enterprise Forum was held on June 8, 2010, at the National Press Club in Washington, DC. NASA, The National Aeronautic and Space Administration (NASA) and the National Oceanic and Atmospheric Administration (NOAA) are the two U.S. agencies that track space weather in near-earth space and are the stars of this conference. http://www.luhrq.com/research/blog/index.php/2010/6/22/space-weathers-role-in-return-to-stone-age-greatly-exaggerated http://www.luhrq.com/research/blog/index.php/2010/6/18/cyber-security-preparedness-for-the-2010-g-20-summit Canada will soon host the G-20 summit in Toronto, Ontario. The G-20, short for the "Group of Twenty Finance Ministers and Central Bank Governors", meets to discuss policy and issues affecting international financial stability that are larger in scope than any one member country's area of responsibility. http://www.luhrq.com/research/blog/index.php/2010/6/18/cyber-security-preparedness-for-the-2010-g-20-summit http://www.luhrq.com/research/blog/index.php/2010/6/10/windows-help-center-0-day-arbitrary-command-execution The SecureWorks CTU(SM) is closely monitoring a 0-day vulnerability in multiple Microsoft Windows operating system releases. The vulnerability lies in how Windows handles hcp:// URLs, used to access help documents. An attacker may create a malicious hcp:// URL and distribute it to victims via an HTML web page, e-mail message, document, or a variety of other attack vectors. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands, which may result in total system compromise. http://www.luhrq.com/research/blog/index.php/2010/6/10/windows-help-center-0-day-arbitrary-command-execution http://www.luhrq.com/research/blog/index.php/2010/5/4/dont-panic-dnssec-isnt-do-or-die Recent rumors that the Internet is doomed are just as overblown as all the rest, except perhaps when AOL started letting its users onto the Internet - a fate from which the Internet never really recovered. The current rumor relates to DNSSEC (also known as Domain Name System Security Extensions), which cryptographically signs DNS results. http://www.luhrq.com/research/blog/index.php/2010/5/4/dont-panic-dnssec-isnt-do-or-die http://www.luhrq.com/research/blog/index.php/2010/4/30/effective-new-techniques-for-identifying-bittorrent-users This week we saw the proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10). Past years had seen the release of plenty of novel and groundbreaking research, so expectations were high. A group of researchers from I.N.R.I.A. in France published an impressive paper on new techniques for identifying and tracking users of the BitTorrent protocol titled, "Spying the World from Your Laptop: Identifying and Profiling Content Providers and Big Downloaders in BitTorrent" http://www.luhrq.com/research/blog/index.php/2010/4/30/effective-new-techniques-for-identifying-bittorrent-users http://www.luhrq.com/research/blog/index.php/2010/4/28/your-malware-settings-may-have-changed An overview of a malicious script (Emold downloader trojan) that was delivered to many email addresses Tuesday evening and Wednesday morning. http://www.luhrq.com/research/blog/index.php/2010/4/28/your-malware-settings-may-have-changed