In "The anti-virus age is over," Graham Sutherland argues that the targeted, hard-to-stop attacks used by government-level hackers and other "advanced persistent threats" are now so automatable that they have become the domain of everyday script-kiddie creeps. Normally, the advanced techniques are only used against specific, high-value targets -- they're so labor-intensive that it's not worth trying them on millions of people in order to get a few more machines for a spam-sending botnet, or to extract a few credit-card numbers and passwords with a key-logger.
But all attacks tend to migrate from the realm of hand-made, labor-intensive and high-skill techniques to automated techniques that can be deployed with little technical expertise against millions of random targets.
Signature-based analysis, both static (e.g. SHA1 hash) and heuristic (e.g. pattern matching) is useless against polymorphic malware, which is becoming a big concern when you consider how easy it is to write code generators these days. By the time an identifying pattern is found in a particular morphing engine, the bad guys have already written a new one. When you consider that even most browser scripting languages are Turing complete, it becomes evident that the same malware behaviour is almost infinitely re-writeable, with little effort on the developer’s part. Behavioural analysis might provide a low-success-rate detection method, but it’s a weak indicator of malintent at best.
We’ve also seen a huge surge in attacks that fit the Advanced Persistent Threat (APT) model in the last few years. These threats have a specific target and goal, rather than randomly attacking targets to grab the low-hanging fruit. Attacks under the APT model can involve social engineering, custom malware, custom exploits / payloads and undisclosed 0-day vulnerabilities – exactly the threats that anti-malware solutions have difficulty handling.
This was the premise and theme of my novella Knights of the Rainbow Table (also available as a free audiobook). It's a funny old world.
The anti-virus age is over.
Umbracity aims to solve the problem of unexpected urban showers with a shared-umbrella service. They’ve rolled it out in soggy Vancouver, and the deal is that you get to use an umbrella from any of their kiosks for free for 48h, but if you keep it longer, it’s $2/day to a maximum of $20.
The Nameless Coaltion, a global alliance of women’s groups, LGBTQ groups, human rights and digital rights groups has asked Facebook to abandon its “Real Names” policy, which puts Facebook users in danger of reprisals including state violence, stalkers, and on-the-job harassment.
Protesters angry over proposed layoffs stormed an Air France executive meeting and cornered Director Pierre Plissonnier and Resources Director Xavier Broseta, tearing off the men’s jackets and ripping their shirts off, forcing them to scale a fence to get free.
Shake, stir, and muddle your way to delicious homemade cocktails with this must-have bar set. Expect only the finest quality tools from MakersKit — enabling you to unleash your inner mixologist.Top 12 Favorite Things of 2014, Sunset MagazineQuart-size vintage-style Mason jar shakerRetro double jigger for accurate measurementsStrainer & spouts for a mixologist-style smooth pourHardwood muddler […]
The Lytro Illum dares to be different, boasting even more robust features than its first generation predecessor and a sleek design reminiscent of professional DSLRs. What’s so cool about it? Most cameras capture the position of light rays, producing a statoc 2D image.
SitePoint Premium is the ultimate e-learning library for web developers, designers, and digital professionals. Famous for their web development books written by industry leaders, they’ve expanded their content library to include in-depth video courses and short, handy screencasts partnering with A Book Apart and UX Mastery. Whatever you want to achieve in your web career, […]