Rik Farrow

I have a new version of the malware talk, talking a different look at the problem of keeping your desktop or laptop free of malware. Although this talk was focused on Mac users, most of the information applies to Windows users as well. And some is specifically for Windows users. While preparing this talk (for the Oak Creek Apples on Oct 16, 2013), I read this discussion of security for Mac OS X users, and found it useful. It actually goes further in making Macs more secure, but also echoes many of the points I made. It is also a much more difficult to live with configuration. But I do know people (Hello hobbit!) that live with worse. >p>

During the talk, a gentleman in the front row named Dave asked about getting a call from Microsoft about there being malware in his computer, and the caller was willing to help. I told him this was definitely a fraud, a form of social engineering. The scammers also called Jerome Segura, of Malwarebytes, and Segura recorded the entire episode. You can also watch a video of a similar scam here.

I'm going to LISA '13

I will be teaching my course on Securing Linux Servers at LISA on Sunday November 3, 2013. This is a hands-on course that uses a VM so students have access to a Linux VM for exercises, and after the class, just to practice with.

On April 20, of 2011, I presented a talk explaining malware for the local Mac users group (Oak Creek Apples). The Malware talks provides some history of malware, descriptions of how it gets installed, countermeasures, and how best to avoid becoming a victim. Back in March 2011, I gave a talk for the same group on passwords. I explained why we use passwords, listed ways they get stolen, and provide suggestions on how to select and use passwords properly. You can view the slides here.

I have been concerned with computer security since 1984, but managed to ignore the basic issues for a long time. Instead, I studied, taught, and wrote about security (see Network magazine articles or read this recent column I wrote about security for ;login:). I will be teaching at USENIX LISA XXV on Linux security and SELinux December 5 and 6, 2011.

In 2006, I created a talk called Security is Broken, which I have given at Apple and Google headquarters. You can find the Google Tech Talk video here. The current version of the slides via my site has been updated for a talk to be given at UC Berkeley on January 31, 2007. For your convenience, you can find references used in the talk here.

In October 2007, I created a short video for Fast Company magazine demonstrating the ease with which the iPhone could be broken into. There was a lot of clamor in the blogosphere that focused on production flaws when I created the video (my first), while ignoring the real issues in the lack of security in the iPhone. Fast Company editors asked me to write a response, then decided that the issue had faded to the point that it wasn't necessary to post it. I have posted my own response, with their permission. Note that the video accompanies an article about Apple focusing on potential weak spots in their leading products and the company itself.

I had a chance to update my thoughts on the future of computer security in an article in the IQT Quarterly's security issue in Fall 2010. Briefly, I pointed out that even after Microsoft vastly improved their program development processes to build-in security, they still have patch Tuesday (and exploitable bugs). I suggest that the way forward lies in building IDEs (Interactive Development Environments) and programming languages and toolchains that make programming securely by the design of the tools, not through external controls. I also suggest that future operating systems run applications in limited environments, something that we already see in iOS, Android, Symbion, and Meego. Microsoft and Google have research teams working on this already.

As the editor of the bi-monthly magazine for the USENIX Association, ;login:, I write a column called Musings, which is often about security. All of my columns are immediately accessible, as are all articles after 12 months. ;login: also contains summaries of papers and talks given during USENIX conferences, and are a great way to catch up on recent research (or decide which papers you want to spend the time reading).

Rik will be teaching Linux and SELinux security classes Sunday and Monday, Dec 9 and 10, 2012 at:

LISA '12


Privacy Policy.