Tag Archives: Kurt Wismer

Status Epsilon-icus*

Ok. That wasn’t the last update.

And very possibly the last update here (the target blog suggests why…): Epsilon Overkill and the Security Ecology

Update 3: Rebecca Herson evaluates some of the advice given by Epsilon customers for coping with the phlurry of phish anticipated post-Epsilon: http://blog.commtouch.com/cafe/email-security-news/advice-after-the-epsilon-breach/

Links and a little extra irony from me: http://chainmailcheck.wordpress.com/2011/04/07/epsilon-epidemic/

Update 2: a discomfiting suggestion that there was a longstanding problem that Epsilon were actually aware of: http://www.itnews.com.au/News/253712,epsilon-breach-used-four-month-old-attack.aspx (hat tip to Kurt Wismer, again)

Update: a few more articles you might find worth reading.

It’s reasonable to assume that the Epsilon fiasco will lead to an epidemic: at any rate, luminaries such as Brian Krebs and Randy Abrams are making that assumption, and publishing some excellent proactive advice accordingly. So rather than go over the same ground, I’ll just cite some of the more useful blog posts around that.

Two highly relevant posts by Brian Krebs:

And two relevant posts by Randy:

A list of companies known to have been affected from ThreatPost: http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511

And a characteristically to-the-point rant by Kurt Wismer on why it wouldn’t be an issue in a sane world: http://anti-virus-rants.blogspot.com/2011/04/why-epsilon-breach-shouldnt-be-issue.html

*Yes, a rather forced pun, I know. http://en.wikipedia.org/wiki/Status_epilepticus 

David Harley CITP FBCS CISSP
AVIEN Dogsbody
ESET Senior Research Fellow



More AMTSO stuff

They say there’s no such thing as bad publicity, though quite who ‘they’ are, and why ‘they’ would make such a clearly daft statement is beyond me. It seems that AMTSO has had it’s fair share of bad publicity recently –  a further example is the piece by Ed Moyle over on his blog at http://www.securitycurve.com/wordpress/archives/1773. It’s a long article, but it does show that Ed clearly doesn’t understand (or doesn’t want to accept) what AMTSO is trying to do – maybe that does just mean that AMTSO needs a better PR representation. Anyway, once again Kurt Wismer (or perhaps I should adopt his anti capitalist rendering and use kurt wismer) has provided some excellent analysis of Ed’s piece over on his blog at http://anti-virus-rants.blogspot.com/2010/07/i-see-standards-organization.html

There’s little more that really needs to be said from my perspective. For the record, I personally agree with Kurt (just can’t seem to get my head around the ‘kurt’ thing), in his analysis of the NSS report done by AMTSO – which seems to be at the root of this whole anti AMTSO campaign. The central point is that NSS did a good job, and came very close to the ideal – (if you haven’t read the review, then it’s here). It’s unfortunate that that has been taken as a negative thing or a slight against them to say that they did not fully meet the ideal standard set by AMTSO – it was still far better than many other tests, and I have every hope that people are sensible enough to recognise that. It’s hard for me to see quite how Ed jumps from that report to an accusation that AMTSO is ‘Slapping the labs’ – an argument even harder to see when a lab like Dennis Technology Lab (who have very similar methodology to NSS) voluntarily submitted their own test for the AMTSO review process (see the report here).

If there’s one thing we can learn from this, it’s that it does seem that there’s a double standard here – testers can criticise AV vendors with impunity in their reviews and tests of AV products, but when someone tries to apply that same process and rigour to the tests done by those testers, that is somehow anathema. Personally, I think that’s shoddy thinking, and I have no doubt that AMTSO will continue to strive, as it has done from inception, to provide the public with an insight into tests, and to support good testing practice (and incidentally point out less than ideal practice where needed).

Andrew Lee
AVIEN CEO / CTO K7 Computing

Mac Whacks Back

It sometimes seems like I’ve spent the last twenty years trying to persuade Mac users that using a system named after a fruit doesn’t mean that there are no snakes in Eden or that angels will protect you from all harm.

Not, perhaps, completely in vain, but apparently many of the old Mac evangelist mindsets continue to prevail, irrespective of the true nature of the threatscape. (Macs don’t get viruses, Trojans don’t matter, there are no Mac vulnerabilities and if there were they’d be fixed immediately, social engineering is irrelevant, Microsoft Bad/Apple Good, blah….) There is a polite but nonetheless naive article that more than hints at this mindset here:

http://www.makemineamac.info/2009/10/dont-bug-me-why-macs-are-still-virus.html

Thanks, however, to Kurt Wismer for reassuring me that Mac security is not just my own personal crusade:

http://anti-virus-rants.blogspot.com/2009/12/why-mac-fanatics-still-believe-theyre.html

I have a feeling I’m not done with this issue. And just to be clear: for most of those 20 years I was working for customers, not for vendors…

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/