I have a new version of the malware talk, taking
a different look at the problem of keeping your desktop or laptop free of
malware. Although this talk was focused on Mac users, most of the information
applies to Windows users as well. And some is specifically for Windows users.
While preparing this talk (for the Oak Creek Apples on Oct 16, 2013), I read
this discussion of security for Mac OS X users, and found it useful. It actually goes further
in making Macs more secure, but also echoes many of the points I made. It
is also a much more difficult configuration to live with. But I do know
people (Hello hobbit!) that live with worse.
During the talk, a gentleman in the front row named Dave asked about
getting a call from Microsoft about there being malware in his computer,
and the caller was willing to help. I told him this was definitely a fraud, a
form of social engineering. The scammers also called Jerome Segura, of
and Segura recorded the entire episode.
You can also watch a video of a similar scam.
I will be teaching my course on Securing Linux Servers at LISA
on Sunday November 3, 2013. This is a hands-on course that uses a VM so
students have access to a Linux VM for exercises, and after the class, just
to practice with.
On April 20, 2011, I presented a talk explaining malware for the local Mac users group (Oak Creek Apples). The malware talk provides some history of malware, descriptions of how it gets installed, countermeasures, and how best to avoid becoming a victim. Back
in March 2011, I gave a talk for the same group on passwords. I
explained why we use passwords, listed ways they get stolen, and provided
suggestions on how to select and use passwords properly. You can view
the slides here.
I have been concerned with computer security since 1984, but managed
to ignore the basic issues for a long time. Instead, I studied, taught,
and wrote about security (see Network magazine
articles or read this recent column I wrote about security for
;login:). I will be teaching at USENIX LISA XXV on Linux security and
SELinux December 5 and 6, 2011.
In 2006, I created a talk called Security is Broken,
which I have given at Apple and Google headquarters. You can find the
Tech Talk video here. The current version of the slides via my
site has been updated for a talk to be given at UC Berkeley on January
31, 2007. For your convenience, you can find
references used in the talk here.
In October 2007, I created a short video for Fast Company magazine demonstrating the ease with which the iPhone could be broken into. There was a lot of clamor in the blogosphere that focused on production flaws when I created the video (my first), while ignoring the real issues in the lack of security in the iPhone. Fast Company editors asked me to write a response, then decided that the issue had faded to the point that it wasn't necessary to post it. I have posted my own response, with their permission. Note that the video accompanies an article about Apple focusing on potential weak spots in their leading products and the company itself.
I had a chance to update my thoughts on the future of computer security in an article in the IQT Quarterly's security issue in Fall 2010. Briefly, I pointed out that even after Microsoft vastly improved their program development processes to build in security, they still have Patch Tuesday (and exploitable bugs). I suggest that the way forward lies in building IDEs (Interactive Development Environments) and programming languages and toolchains that make programming secure by the design of the tools, not through external controls. I also suggest that future operating systems run applications in limited environments, something that we already see in iOS, Android, Symbian, and MeeGo. Microsoft and Google have research teams working on this already.
As the editor of the bi-monthly magazine for the USENIX Association, ;login:, I write a column called Musings, which is often about security. All of my columns are immediately accessible, as are all articles after 12 months. ;login: also contains summaries of papers and talks given during USENIX conferences, which are a great way to catch up on recent research (or decide which papers you want to spend the time reading).
Rik will be teaching Linux and SELinux security classes Sunday
and Monday, Dec 9 and 10, 2012 at: