We have interviewed Georg Wicherski, who is one of the speakers for the Honeynet Workshop in Dubai 10-12 of February. Georg will give a briefing about “Secure Exploit Payload Staging…or how we did not kill an 0day at Defcon”

So Georg, why did you become a security expert?

Pathos: Hacking is my second love after my family and working as a security person allows me to live my passion every day.

We have interviewed Raffy, who is one of the teachers for the Honeynet Workshop in Dubai 10-12 of February. Raffy will give the following talk: How Big Data, Data Mining, and Visualization Enable Security Intelligence and a class on Information Visualization - Bridging the Gap Between Tufte and Firewalls"

So Marty, tell us, why did you become a security expert?

I studied computer science with an emphasis on cryptography. While I loved the mathematical puzzles that the crypto field offered, I couldn’t imagine doing that for a living. However, I was intrigued by all the stories around applied crypto that our professor was telling us. For example, how they printed the source code of PGP into a book and then shipped the book to Switzerland, where it was scanned in again. All of which to circumvent the then in active export laws. These stories got me interested in computer security or hacking. A passion that I still pursue.

Good morning folks

My apologies for the delay on this one. It appears the the wily coyote has passed on his tricks to my Internet connection and as such I’ve been offline for a fairly large portion of time. No matter….onward to the readables !!

Malware

An in-depth code analysis of mssecmgr.ocx from the ESET folks is here.

The Virus Total crew are bringing some seriously cool features to VT. More here

UPDATE: the log data is posted here.  A notification group about new log sharing is here.

This WASL 2009 workshop reminded me that I always used to bitch that some academic researchers use antediluvian data sets for their research (Lincoln labs 1998 set used in 2008 “security research”  makes me want to just curse and kick people in the balls, then laugh, then cry, then cry more…).

However, why are they doing it? Don’t they realize that testing their “innovative intrusion detection” or “neural network-based log analysis” on such prehistoric data will not render it relevant to today’s threats? And will only ensure ensuing hilarity :-)