Wednesday, April 6, 2011

The Hype Over Epsilon ...Baby in the Bath Water?

You've heard the expression "don't throw out the baby with the bath water" right?  The reference is to discarding something important in the mess of something unwanted ...makes me think a little about this big in-your-face headline on USA Today's "Money" section ...from Tuesday April 5th.

"Epsilon hack triggers phishing fears" with the subtitle 'So be careful where you click'.

Is this a good thing, or a bad thing?  Clearly such hype, at least from a security perspective, warrants temperance and sanity for our own credibility ...but could there be a silver lining here?

The fact that this headline is on the front page of Tuesday's USA Today Money section says something ... it says that this is a big story, sure.  But there's a more subtle benefit here ... given the readership of the USA Today, and who's going to read that front page headline and sub-headline ...maybe this is a good thing?

Maybe more people, more of the 'common users' we see as constant phishing victims, will read this and think twice about clicking that email that shows up in their mailbox unsolicited?

Or maybe not.

But I can tell you with certainty that even if 10% of the readers of this interestingly written (using a quote from a competitor to the company that just got hacked? uncool) article think twice and don't fall for a phishing scam I'll be thrilled.

Friday, April 1, 2011

Information Security Comedy Genius

You just can't make this stuff up ... I don't know if you follow the Bugtraq mailing list or not, but as I read this today I first thought that hey, it's April Fools' ...but when I realized it was a serious post I read on and the result was a serious LOL ...and projectile coffee all over my monitor/keyboard as a result of Thor's reply.

So here's what happened ...

An email came in with a disclosure..."Microsoft VISTA TCP/IP heap buffer underflow"

...which had this gem of a paragraph in it (for a little context, the person is referring to a PoC he wrote as the program):

"To execute either the sample program or any other system command, the user has to be either the admin, in the admin group or the Administrators group. Since this buffer underflow never makes it to kernel memory, it could be possible that propping up the underflow will make it overflow and take control over the operating system without any restriction."

...which I figured for an April Fools' gag, until I realized it was serious.

Then ...came the LOLs ...because in proper form "Thor" (Hammer of God) had this brilliant rebuttal:
"Just so that I understand correctly, are you reporting that if one is logged on as the administrator, it may be possible to execute this exploit in order to take over the machine? t"

You just can't make this shit up folks ...welcome to Information Security.