malware Archives - Sky's Blog

No chance for true security?

28 January, 2010 by sky Leave a Comment

Is security dead on the Internet? Yeah, it probably is—as long as we rely on software other people have written^[1]. Unless you’re capable of writing all of your own software, without any errors, and keeping it isolated from software written by anyone else, you’re never going to have a secure digital life^[2].

But there are things you can do to protect yourself. NGO-in-a-box has developed Security-in-a-box, a set of tools and tactics for your digital security. Worth taking a look!

It’s often said that “if we can envision it, we can create it,” but in the world of computer (and network) software this is only partially true. We can attempt to create it, but it will always have bugs in it. And those bugs are the chinks in the armor that allow malware to work and cyberwarfare to succeed.

[1] That’s because I can write a perfect program with no bugs, but nobody else can.

[2] See also The Social Graph of Malware, my site where I explore ways in which social engineering is used by the bad guys to get malware onto your computer.

It’s the User, Stupid (It’s the Stupid User?)

29 March, 2009 by sky 2 Comments

In The Curious Case of the Invulnerable Browser, Roger Grimes of Infoworld writes about the recent CanSecWest 2009 PWN2OWN contest where hackers pitted their skills against web browsers to see how quickly they could break into a computer. The prize was the computer itself. Roger says that the state of browser security is actually pretty good, but even if browsers were inpenetrable, the major source of computer breakins is users browsing to a web site that then infects their computer. [Read more…]