The band R.E.M. released a song on their 1994 album Monster inspired by an odd attack one night by two well-dressed individuals who physically assaulted TV news anchor Dan Rather on his way home while they demanded he answer a question:
Luckily, Rather was not seriously harmed in the attack.
The question made absolutely no sense.
(Though the album made a lot of money!)
When it comes to ethical review of research involving computer security, there are some situations that similarly seem to make no sense.
The following statement was released on April 21, 2021:
In this article, I want to do three things: (1) point out a couple of what I consider to be pervasive fundamental computer security problems, (2) provide my own proposed solution to them, and (3) show you how you can implement that solution in your own open source project (or as a Pull Request to someone else’s open source project).
I will provide you with a way to simultaneously accomplish all the following goals:
This article is aimed at those wanting to learn how to leverage network traffic capture and analysis tools as part of the digital forensics and incident response (DF/IR) processes. These disciplines involve analyzing the network communications associated with remotely controlled malicious software installed on your organization’s computer systems.
I’m sure at some point you’ve received a report or alert from some entity — US-CERT, DHS, someone on Twitter retweeting a security researcher or an anti-virus company, maybe even your bank or credit union? — about a specific threat actor and the malware they may wield against your organization’s network. You know, like the malware in the screenshot above.
What do you do if you want to learn how that malware works so you can prepare to respond?
If I were to give you a free software tool to help you search through hundreds of network packet captures to…
It is common for professional societies and membership organizations to have a Code of Ethics intended to guide their members. Professionals working in the field of information security (INFOSEC) are often members of one or more of these entities, as are academic cyber security researchers and students desiring to enter the INFOSEC field.
In this article I will focus on three such entities: The IEEE and the Association for Computing Machinery (ACM), which are general professional societies with broad membership across many disciplines, and the Forum of Incident Response and Security Teams (FIRST), who “cooperatively handle computer security incidents and…
I was listening to the news on August 29, 2019, when I heard the story of Maria Isabel Bueso and the demand letter she received ordering her to leave the United States by the middle of September or be deported.
I heard her doctor struggling to find a way to resolve this situation and save Isabel from what he called a “death sentence.”
When I learned of Isabel’s participation in a high-priority medical research study, I knew I had something to contribute based on my own experience. I hope that what I have to say here helps people understand how…
20 years ago today — August 17, 1999 — started as a normal day. But that wouldn’t last very long. Little did I know the University of Washington was about to be inundated with a flood of known compromised computers that had to be remediated as quickly as possible.
It turned out I was more prepared for this flood than I knew at the time. That preparation would prove quite valuable to me, as you will see. If you are a digital forensic and incident response (DFIR) professional, I think you might learn something from my story.
I have a…
20 years ago today — August 5, 1999 — I rode my mountain bike across the University of Washington campus to work like every other workday. Early mornings in the summer in Seattle can be pretty nice. Sunny, a little cool with dew on the grass.
Before there were signs requiring that bike riders walk their bikes, I could cruise across campus, bunny-hopping the small 2–3 foot flights of stairs in the Quad, entering Red Square heading south, and — at just the right speed — take the two flights of ten steps each on the south-west corner Suzzallo Library…
“Hacking back” doesn’t always mean going outside your own network. In fact, it is best done quietly, inside your own network where you have home field advantage, and both slowly and deliberately so as to deliver a definitive enough blow to someone’s activities that they leave your network and don’t come back. This is a story of how I did it, and how you can, too.
This story (excerpted from a book in progress) centers on a hacker who I will refer to by the nick “G0by” (spelled with a Zero, and not his real nick.) G0by was part of…
I was inspired to start a series of articles on the early history of DDoS by a few recent events. Rik Farrow interviewed me for a forthcoming issue (Fall 2019 Vol. 44, No. 3) of Usenix ;login: magazine while I was also writing up a history of the early days of the Honeynet Project, which refreshed my memory on a number of events in 1999-2000. I also read this MIT Technology Review article on the 20th anniversary of the “first DDoS attack” on the University of Minnesota:
It took me a little while to remember that July 22 was not…
Information Security Researcher, Consultant