
The ball drops and the bubble bursts January 2, 2007

Posted by Dave Marcus in General Security, Vulnerabilities, Zero Day.

It should prove to be a very interesting New Year indeed! The ball has dropped in Times Square signifying a fresh start. What better way to start off a new year than with a new month of bugs? As most already know, January 2007 is to be the Month of Apple Bugs and the first one has been released.

I think this will be an interesting bug month for a few reasons. The Apple community, in general, has an overblown sense of invulnerability when it comes to security. True, there has been little exploitation of the various Apple platforms. This is mainly true for a very simple reason: lack of deployment footprint. At the end of the day, Apple is not really a great target of opportunity. Scan a million IP addresses and what will you get? Well over 90% (that is a very low estimate) will be various incarnations of MS Windows. If I am a malware/exploit writer and money or data is my goal, where would I focus my efforts?

Interesting when you consider that by the end of this month there will probably be more public exploits for Apple OS and applications than there have been in several years. Will any of these exploits end up being used in targeted attacks? Who knows. But I think that many people's bubbles will be burst over the next month.

Hey, they may even have to change those dopey ads they run……….


Guitar Pix December 29, 2006

Posted by Dave Marcus in Guitar Ramblings.

Some pictures of my guitar make:

[Images: Marcus Guitar 3, Marcus Guitar 1, Marcus Guitar 2]

I am currently using The Guitar Grimoire for my scales, as well as Fretboard Logic. I give full props and shout-outs to both. Putting in between 1-3 hours of practice daily. My wife is only so tolerant!!!

Malware and Metal December 29, 2006

Posted by Dave Marcus in General Chatter, General Security, Malware.

Kinda slow lately in the world of computer security (not a bad thing mind you). A bit surprising there hasn’t been more holiday malware (virtual e-cards and such).

On a more personal note – I just began learning the guitar! I have been a lifelong headbanger and have finally gotten off my lazy butt to wield an axe. Got a sweet Gibson Les Paul and have been working scales, chord forms and lead patterns for about two months now. Boy, do I suck but I am having the time of my life!!!!

I think I am attracted to the guitar for the same reason I was attracted to hacking initially – it is a purely personal form of expression and skill. You can take lessons but ultimately it is you on the fretboard. Same with true hacking. You can read about popping a box, but ultimately you have gotta put in your time behind the keyboard.

MS Word Zero-Day Trio December 22, 2006

Posted by Dave Marcus in Malware, Vulnerabilities, Zero Day.

Boy was that ever a weekend!!! Three solid zero-day exploits over a 5-6 day period of time right around MS Patch Tuesday (no coincidence).

Over at Avert Labs we have been tracking this for quite some time. The trend seems to be to release a zero-day exploit within +3 or -3 days of the MS patch release. Pretty good strategy actually when you consider it. If an MS zero-day is released 3 days prior to the patch it is very unlikely it will get included in the release. If the exploit is released 3 days after the patch it is very unlikely that MS will release an out-of-cycle patch to address it. This gives the exploit writer a potential usage window of 27 – 33 days for the malware.

Definitely speaks to the continued organization and planning skills of the malware writer.

Skype malware or hype malware? December 22, 2006

Posted by Dave Marcus in General Security, Malware.

Be sure to check out a couple of new posts on the McAfee Avert Labs blog on Skype malware. First, Francois Paget discusses the recent PWS-JO trojan that targets Skype as well as shows a nice graphical breakdown on trojan families. Second up is Navtej Singh with a very interesting post on new developments in VoIP Spam (commonly called SPIT).

Considering how popular VoIP is getting in general (Vonage, Skype, etc….), this type of malware is kinda overdue. Pretty much figure as the deployment footprint increases, VoIP will be viewed as a bigger target of opportunity by malware writers.

McAfee Avert Labs 2007 Threat Predictions PodCast December 11, 2006

Posted by Dave Marcus in Uncategorized.

Over at McAfee Avert Labs we recently did a podcast of our 2007 Threat Predictions. I think that it went very well. Ran for about a half hour, interview format between myself and Niall McKay, and then we had some Q&A at the end.

 Download the PodCast

Vectors, bots and BuddyProfiles…… Oh my! December 5, 2006

Posted by Dave Marcus in General Security, Malware, Vulnerabilities.

Some really great new posts on the McAfee Avert Labs Research Blog! OK, I am not exactly unbiased in my opinion here, however some really great blogs have been posted lately. In no particular order:

  • A really neat post from Allysa Myers on BuddyProfiles misuse. Just goes to show you what can happen when you allow users free rein over their own HTML code and content!
  • Bhaskar Krishna wrote up a really interesting piece on masking potential adware/spyware installs with 404 Errors. Adware and revenue – not a good mixture!
  • Vinoo Thomas on bots using more application vulnerabilities for exploitation/installation.

Read them. Learn them. Live them!!!

Back after a long break December 4, 2006

Posted by Dave Marcus in General Chatter.

Wow. It has been quite some time since I last updated my blog. Life at McAfee Avert Labs has been keeping me quite busy of late. Since last I posted I have done quite a bit of traveling:

  • Milan, Italy
  • Madrid, Spain
  • Amsterdam, Netherlands
  • Munich, Germany
  • London, England

I am actually back in London as I write this post. My PR and media responsibilities for McAfee have been ramping up quite a bit recently, which is the reason for the travel. I am, however, back in full swing and will be updating my blog on a daily basis once again.

Vote or you have no right to complain November 7, 2006

Posted by Dave Marcus in General Chatter.

That kinda sums up my feelings on voting. People who do not exercise their right to vote really have no right to complain about the state of things in our country. I don’t particularly care if people are Democrats, Republicans, Green or Plaid providing they get out there and exercise their right to govern themselves. The ability to have dialogs (OK, arguments) of opposing views is what makes us truly unique and, IMO, better than all others.

Somewhere in the world right now a soldier is defending our freedoms and that way of life.

First Windows Kernel Bug for the MoKB Released November 6, 2006

Posted by Dave Marcus in Vulnerabilities, Zero Day.

Well, we knew it was only a matter of time but the first kernel bug for Windows has been released for the MoKB. Interestingly enough this particular bug is darn near 2 YEARS OLD and has been previously reported to MS, although it has remained unpatched. Read the full post or get the source code here.