Archive for May 2005

Outwitting the Witty Worm

Kumar, Paxson, Weaver: “Outwitting the Witty Worm: Exploiting Underlying Structure for Detailed Reconstruction of an Internet Scale Event” is a brilliant forensic analysis. Their overview:

Many Internet worms use pseudo-random numbers to scan the IP address-space. In this project, we reverse engineered the state of the pseudo-random number generator (pRNG) which the Witty worm used to generate packets. By combining our knowledge of Witty’s code with the pRNG state, we performed a detailed recreation of the worm’s spread. We were able to discover several characteristics of the infected systems, including their uptime, network access bandwidth, and number of disks. Additionally, we were able to find specific details about the worm author’s deliberate targeting of a US Military base, and determine the identity of Patient 0, the system used to launch the worm.

and there’s interesting follow-on discussion at SecurityFocus.
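To make concrete what “reverse engineering the state of the pRNG” buys a forensic analyst, here is a small added illustration of my own; it is not the paper’s code, and the generator constants, the two-states-per-packet layout and the “only the top 16 bits reach the wire” model are all constructed assumptions rather than Witty’s actual details. The idea is the one the paper exploits: a linear congruential generator leaks enough structure that a single captured packet lets you brute-force the hidden bits of its internal state, replay the whole scan sequence, and then assign every other captured packet its index in that sequence. The gap between indices is the number of packets sent in between, which with timestamps yields per-host sending rate, and a state that appears earlier than it should points at a host that started first.

```python
# Forensic reconstruction of a scanner's LCG state from partially observed packets.
# Added example: constants and packet layout are constructed, not Witty's.

MOD = 1 << 32
A = 1664525          # assumed multiplier (constructed)
C = 1013904223       # assumed increment (constructed)


def lcg_next(state: int) -> int:
    """One step of the (assumed) 32-bit linear congruential generator."""
    return (A * state + C) % MOD


def send(seed: int, count: int) -> list:
    """Simulate the scanner: each packet consumes two generator states and exposes
    only the top 16 bits of each (constructed model of what a capture shows)."""
    pkts, s = [], seed
    for _ in range(count):
        s1 = lcg_next(s)
        s2 = lcg_next(s1)
        pkts.append((s1 >> 16, s2 >> 16))
        s = s2
    return pkts


def recover_state(pkt: tuple) -> list:
    """Brute-force the 16 hidden low bits of the first state behind one captured
    packet; keep candidates whose successor reproduces the packet's second field."""
    hi1, hi2 = pkt
    return [(hi1 << 16) | low for low in range(1 << 16)
            if lcg_next((hi1 << 16) | low) >> 16 == hi2]


def replay(s1: int, count: int) -> list:
    """Regenerate `count` packets from a recovered first state s1."""
    pkts, cur = [], s1
    for _ in range(count):
        nxt = lcg_next(cur)
        pkts.append((cur >> 16, nxt >> 16))
        cur = lcg_next(nxt)
    return pkts


def reconstruct(captured: list, horizon: int):
    """Anchor on captured[0], try each state candidate, and accept the one under
    which every captured packet appears in the replayed stream within `horizon`.
    Returns (recovered_state, {packet: stream_index}); (None, {}) on failure."""
    for cand in recover_state(captured[0]):
        first_seen = {}
        for i, p in enumerate(replay(cand, horizon)):
            first_seen.setdefault(p, i)
        positions = {p: first_seen[p] for p in captured if p in first_seen}
        if len(positions) == len(captured):
            return cand, positions
    return None, {}


if __name__ == "__main__":
    seed = 0x1234ABCD                      # constructed seed, unknown to the analyst
    stream = send(seed, 1000)
    captured = [stream[0], stream[250], stream[700]]   # three packets seen at a telescope
    state, positions = reconstruct(captured, 1000)
    print(f"recovered state 0x{state:08x}")
    print(sorted(positions.values()))      # stream indices, hence packets sent between sightings
```

The brute force checks a 16-bit guess against a 16-bit observation, so a stray false candidate is expected roughly once per packet; `reconstruct` resolves that by demanding that the candidate explain every captured packet, which a wrong state essentially never does. The same pattern scales to the real analysis: more exposed fields per packet mean fewer hidden bits to guess and fewer spurious matches.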

Keeping track of breaches

My personal log of “this could be you” security examples here wasn’t ever exhaustive, and tended to be university-centric.
For those looking for a thorough view, these look like good places to keep an eye on:

At some point, the frequency will overwhelm the reporters, the readers’ eyes may glaze over, data will be available but more aggregated. Right now the California SB1798 requirement plus the high public scrutiny seem to be causing improvement in de facto standards for reporting. That will level off as companies and institutions test what they can get away with.

Policy Metaphors

  • Do not open the thermostat. Call Facilities to adjust. A mechanic will visit twice a year to adjust it, to secure the Allen screws, and to scold you about opening it. (Note: those unsolicited visits don’t happen any more.)
  • Wave arms periodically to turn lights back on. (Note: Many creative mobiles and lightweight origami figures have been invented, with the common feature of being light enough to catch ambient airflow.)

Raw, rare, or well-done?

I haven’t posted a blog entry here in four months. Here is my revised blogging strategy:

  • Raw:
    My personal link-blogging has shifted to my Furl archive RSS, which continues to be my frequently-updated repository of interesting links, annotated with clips, tags, and brief remarks.
    Though I dislike Furl’s default rendering into both HTML and RSS (del.icio.us is much more pleasant), its archiving feature is indispensable to me, and the Furl folks have listened to some of my suggestions, so I see hope for improvement.

  • Rare, and well-done:
    Stay tuned, I am still planning to post occasional articles to this site. I am saving up links to content that is overlooked and deserves more attention. In other cases I’m chewing on my own thoughts and will have something original to say.

I’ve noticed that quite a few sites that I read have followed a similar trend, toward less frequent but meatier posting. There are only two high-volume bloggers that I read, plus I follow the Furl / del.icio.us / DashLog blogs of two esteemed colleagues. Everyone else gets my attention only with low quantity and high quality.