Showing posts with label comments. Show all posts

8.18.2007

Love, as they say, is dangerous.

As mentioned previously (and in a Defcon debriefing post that I have yet to actually publish), I've been looking into malware analysis and reverse engineering lately. There is still so much to learn, but what humble little I have learned has whetted my appetite for something more hands-on.

By the way, I have finally discovered and fallen in love with Eldad Eilam's book, Reversing: Secrets of Reverse Engineering. Its collective 624 pages have a good balance of breadth and depth, and though I haven't finished it from cover to cover yet, I am already jumping the gun and recommending it to anyone interested in reversing. As the book has a good amount of assembly code, some background knowledge is advised, unless you're the type who likes to be inundated with information about things you can just barely understand, like doing 0 to 60 in 3 seconds flat.

At any rate, in my quest to look for something to analyze, I discovered that one easily accessible treasure trove of malware and fishy (phishy! sorry, that was punny) sites is my spam folder... which is where I found this one:



"I`m in hurry, but i still love you...?" Aw, I feel the warm fuzzies! Especially when said ecard (which has javascript code running in the background, so I don't recommend you going to this link unless you know what you're doing) looks something like this...



Humor aside, I am somewhat surprised by the sloppy effort of the attempt, especially when simple copy-pasting could have made it somewhat more convincing. This was obviously not a particularly brilliant example of social engineering technique, but it was entertaining nevertheless.

6.23.2007

A different take on Information Warfare...

Always understated and insightful, I really recommend checking out Michael's recent article on Information Warfare over at MCWResearch. Now I'll admit I really enjoy exploring the topic of Information Warfare, and I'm also quick to admit that I like that Michael seems to share my take that information warfare is coming for us all, government and corporation alike, and so it's time, as Michael put it, to "...start digging trenches."


I realize my reaction to this subject is to get too fired up for most people to take seriously. It's a failing of mine, but I'm passionate about this and can't help it. I truly feel that all of us, from every mom and pop company to Fortune 500s to home users, are going to be combatants, either innocent, unwitting, or otherwise, in information warfare, and we need to prepare accordingly. Packets don't often kill people directly and kill -9 rarely has a physical effect on structures, and thus it's easy to dismiss what nation states do in the farthest reaches of the Internet as hardly being "warfare," but it's ludicrous to think that it can't have real world ramifications.

I'm already getting too far up on my soapbox, so again, I really recommend checking out the post at MWCResearch; it's really good stuff.

3.21.2007

For the ISI's out there...

That's Information Security Insomniacs, clever I know.

Well it's late and I've been doing Shmoocon prep work all day. I didn't want to call it a night before I posted something interesting.

While no one would confuse me for a big Microsoft fan, there are some things I think they've managed to do very well. Necessity being the mother of invention, Microsoft has now developed one of, if not the most, expansive computer security programs in the world. I can't speak for anyone else, but I'm always curious what goes on behind closed doors like that, and in this video documentary of his team, Stephen Toulouse really gives you a run of the farm at Microsoft Security Response. Definitely worth a watch.

11.26.2006

So is H.D. Moore the InfoSec Gretzky?

Richard Bejtlich made one of his more fascinating posts today talking about the breakdown between offensive and defensive information security professionals, using an apt analogy about hockey.

Now I'm not much of a hockey player (though I did play lacrosse, the sport hockey was derived from), but most of his points, at least on the surface, made a lot of sense. I'm going to take overnight to let it roll around and decide what I think, but I already posted a quick response in the comments section.

Give it a look, leave me your thoughts, and I'll be back with more sometime tomorrow.