
Security-risk assessment, reinvented

News | Tuesday 1 March 2011 6:37 am

I’m forever reinventing the wheel, and this time around, I’m focusing my efforts on the oh so exciting field of risk assessment. In the process, I try to put aside conventional wisdom and cultivate useful, independent observations that would not have been considered without the additional hard thinking. When going on my squirrel logic trails, I try to forget the older, acknowledged model; I don’t like it polluting my thoughts.

View full post on Security – Infoworld

Selinux: NSA’s Open Source Security Enhanced Linux

Internet Security Books | Tuesday 1 March 2011 5:20 am

Product Description
The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. Thi…


Do I need a data center?

News | Tuesday 1 March 2011 1:45 am

If you still own your own data center and this question has not already crossed your mind, then you might be spending more money than you need, subjecting your organization to unnecessary risk, or bot…

View full post on Help Net Security – News

Woman sentenced for breaching former employer’s PCs

News | Tuesday 1 March 2011 1:08 am

Pants-ate-my-hard-drive defense fails

A California woman has been sentenced to 60 days home detention and a year of probation for breaching the mail system of a former employer and posting confidential company documents to public websites.…

View full post on The Register – Security

AV software and “sharing samples”, (Tue, Mar 1st)

News | Tuesday 1 March 2011 12:06 am

A good part of the fight against malware relies on the good guys sharing samples and intel. For some reason though, many anti-virus (AV) companies seem to make it exceedingly hard to extract usable samples from their tools and quarantines. They insist on a quarantine in proprietary format, and more often than not, the only option given in the GUI is Send to Vendor or Delete.
Send to vendor? Well duh, how about sending to _more than one_ vendor? How about letting me extract the sample in an industry standard format, so that I can share it with the other AV vendors whose products I’m using to protect my corporation or university?
Exasperated by a recent run-in with the quarantine mechanism of a particularly stubborn yellow product, I googled some, and found out that there’s actually an IEEE Working Group looking into standardizing an open Malware Exchange format. Good news. Though even better news would be if the format chosen were simply an existing forensic file format, maybe with added encoding or encryption to turn the sample inert.
But, no matter which format gets selected eventually, I sure hope that (a) this happens soon and (b) that the AV vendors actually adopt the idea and make extracting and sharing samples and intel easier than they do today. Because most of their products today … to me look a whole lot like the vendors don’t care [beep] about their clients’ security and efficient malware defense. Not anywhere as much as they care about their own revenue.

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.

View full post on SANS Internet Storm Center, InfoCON: green


