Archive for the ‘rant’ Category

TSA Lectures, Lies, and Rude, Dismissive Behavior

February 21, 2012

On a recent trip to Orlando, I opted out of the full-body scan at AUS, as I always do at every airport security checkpoint.  While waiting for my pat-down, I was lectured by the TSA gate agent about how safe they are, was subsequently questioned about my cellphone use as a radiation exposure comparison, and was subjected to repeated attempts to get me to change my mind and just go through the scanner.


Advanced Persistent Threat

April 12, 2010

Ok, enough with the APT marketing and journalism diarrhea…  It’s really quite simple:

ad·vanced/ædˈvænst, -ˈvɑnst/ –adjective
1. ahead or far or further along in progress, complexity, knowledge, skill, etc.: an advanced class in Spanish; to take a course in advanced mathematics; Our plans are too advanced to make the change now.

per·sist·ent/pərˈsɪstənt, -ˈzɪs-/ –adjective
1. persisting, esp. in spite of opposition, obstacles, discouragement, etc.; persevering: a most annoyingly persistent young man.
2. lasting or enduring tenaciously: the persistent aroma of verbena; a persistent cough.
3. constantly repeated; continued: persistent noise.

threat/θrɛt/ –noun
1. a declaration of an intention or determination to inflict punishment, injury, etc., in retaliation for, or conditionally upon, some action or course; menace: He confessed under the threat of imprisonment.
2. an indication or warning of probable trouble: The threat of a storm was in the air.
3. a person or thing that threatens.

This term has been around for ages, and means exactly what the acronym’s words mean.  It’s not any single attack, it’s not any trivial or obvious piece of malware, and it’s not the bogeyman that the hot new security product will save you from.  It’s a particular class of threat.  The term gained critical mass as early as a few decades ago in the intelligence community, where it is used to describe an advanced and generally covert modus operandi for ensuring the ongoing gathering of intelligence about an individual or other entity.  More recently, although still at least a decade ago, the term was applied to Information Security, where it is used to describe an ongoing campaign of targeted, sophisticated attacks, or the actors facilitating or conducting said campaign.  In other words, a threat that is both advanced and persistent.

Please, for the love of all that’s holy, stop using “APT” interchangeably with “malware”.  A particular piece of malware may be an APT, or a component used by an APT, but not every APT is malware.  In fact, most of the time malware can’t be considered an APT as the majority of malware is neither relatively advanced nor persistent, and to be APT it would have to be both.

How NOT to Write a Protocol Specification

November 17, 2008

For the last week or so, I’ve been tasked with implementing Application Simulators in the BreakingPoint product for the OWAMP and TWAMP protocols, RFC 4656 and RFC 5357, respectively.  These are honestly two of the most poorly written protocol specifications that I’ve ever read.  Luckily, they’re rather short.  Not only are many parts vague and ambiguous, but some parts read like a stream-of-consciousness dump directly to a text editor.
