The last two weeks reminded me of something that I had forgotten — I hate viruses.
Now since I know that you read this column for my brilliant technical insight, I’ll forgive you for jumping to the conclusion that today’s column will be related to malware. No, it’s a quite bit simpler than that.
My nasal cavities were invaded by legions of carbon-based nanites. The first signs of the invasion occurred two weeks ago when, during lunch, I detected the first of these biological time bombs explode within my head. The sorties continued all afternoon. By Wednesday morning, the microscopic kamikazes had me begging for mercy.
It’s been quite a while since I’ve been that sick. For a solid week, my full range of motion consisted solely of lifting the remote to change channels. On the positive side, the Hannah-and-Her-Horse commercials seem to have run their course, so I didn’t needlessly suffer that mental anguish.
However, after a week of channel surfing, I believe that I worked out a mathematical framework to conclusively prove that the quality of entertainment is inversely related to the number of programming options. Some of the classic thermodynamic models that describe how disorder in the universe always increases should work quite nicely.
Okay, I know what you are thinking: “Poor little Greg got sick… boo-hoo.” Truly, I appreciate your concern. Just because I know you care, here’s some malware tidbits for you to enjoy.
Actually, it’s more than just tidbits. This weekend, the Bsides Augusta conference brought the entire, stinking universe of security threats to Augusta. Approximately 600 security professionals converged on GRU with the goal of sharing threat information and techniques to defend against those threats.
Conference Keynote speaker Ed Skoudis kicked off the conference by systematically describing the vulnerabilities in our societal infrastructure — everything from the power grid to transportation to wifi-enabled Legos — and described some of the training environments being assembled to help prepare the internet first responders. The remaining sessions covered a very broad spectrum of network security topics. The speakers were not bashful about presenting technical detail. Fortunately for Augusta Tek readers, I’m very skilled at Geek-to-English translation. Here are some takeaways that you should consider.
- If you got hit with the crypto-virus this year, don’t feel too bad. The crypto-virus is big business with crypto-organizations operating “campaigns” and staffing “help desks” to provide unlock keys.
- All website ads should be treated as suspect. The technique of injecting malicious code into ad servers is rapidly increasing.
- After 10 years of training, users still open email attachments from senders they don’t know, and they still use “password” and “12345678” as passwords. (And no matter what they try, system administrators still don’t know how to fix stupid.)
- As if attacking the national infrastructure isn’t bad enough, a big concern exists regarding the increase in wifi-enabled “stuff.” We now know that moving cars can be hacked. Can someone hack a thermostat to overload your breakers? Can someone hack an oven to burn down your house? Can someone hack an internet-connected teddy bear to mindwash your kids? Right now, there are more questions than answers.
I’ll be honest. By the end of the conference, I put my mobile phone in airplane mode and swore that I would never connect to the internet again. However, a couple of thoughts occurred to me as I drove home.
Throughout human history, we have consistently explored and conquered new frontiers. While these frontiers provide an enormous amount of promise, the early adventurers always encountered great danger. Why should this new frontier of the internet be any different? For us to realize the full promise of the internet, the dangers must be understood and mitigated.
Facing danger is always risky, but the Bsides attendees are letting us know that they are up to the challenge.