Security Week in Review (2007-08-26)

Josh's Blog

Sunday, September 2. 2007

Security Week in Review (2007-08-26)

This has a fairly crazy (but also dull) week as far as security things go. Here's a quick recap on the things I found the most interesting.

Who gets to define what malware is?
http://www.net-security.org/virus_news.php?id=857
Kaspersky Lab classified a program by a company named Zango as malware. Zango doesn't think their application is malware and sued Kaspersky. Kaspersky won the lawsuit, which is a great victory for the world of antivirus. This creates an rather unique question though. What is malware? Who gets to define it? No doubt to most people the answer to this question is rather obvious, but there are quite a number of companies who have questionable behavior.

Hack in the box
Two stories stood out this week:
NSA@home (DIY shared FPGA cracker)
Student, prof build budget supercomputer

These two stories lend themselves to an issue that quite a large number of people either like to ignore, or don't think about. Secrets today, are easily broken tomorrow. SHA-1 is a fairly new hashing algorithm and was though to be somewhat robust. This puts it in the same doghouse MD5 now lives in. It's only a matter of time before today's super computer will be available in a $5 calculator you can purchase in the checkout line. This means that while a 2048 bit key is great today, the neighbor kids will be able to crack our PGP mails in under an hour eventually. Sadly there isn't really a good answer to this problem other than ensuring that whatever you try to keep secret will be worthless information in 20 years.
Posted by Josh Bressers in Security Week in Review at 22:00 | Comments (2) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

I don't believe everyone will never agree on a single definition, but I do think that if a company "A" has putted company "B" in a list of malware or even in a list "anything"ware I think that the least that company "A" has to do is to define well what are the criteria used.

Those are my two cents.
#1 Victor Bogad on 2007-09-03 11:14 (Reply)
That's an excellent point. Transparency really is the key here. The security world in general is terrible about keeping things transparent.

That whole glass house and stone throwing idea.
#1.1 Josh Bressers (Homepage) on 2007-09-03 14:05 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
 
 

Calendar

Back July '10
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

Twitter


Quicksearch

Archives

July 2010
June 2010
May 2010
Recent...
Older...

Categories



All categories

Syndicate This Blog

Blog Administration

Open login screen

Powered by

Serendipity PHP Weblog