Al Huger

Dennis Fisher talks with Al Huger of Sourcefire about the difficulty of tracking down the source of a malware infection, whether organizations should care about attribution after discovering an attack and why playing defense is so difficult.

Download: digital_underground_103

*Podcast audio courtesy of sykboy65

Subscribe to the Digital Underground podcast on 

Categories: Malware, Podcasts

Comments (2)

  1. RS
    1

    Al Huger reveals what, on the surface, seems simple, but the security industry on the whole either ignores or is overwhelmed by. The detection model is going nowhere. Action-reaction is an axiom. (Not to mention a universal law)

    The internet is a distributed network, and as such, so is all malware. A solution must then be based on a distributed solution. Any government type (centralized) solution is an absolute death blow to any distributed free communication system! In actuality, malevolent government has the most to gain from any obstruction to this form of free communication.

    Funding a solution MUST be distributed also; the free market place is the only source of funding large enough to support an effective (to x degree) solution.

    Al Huger correctly concludes that “Applications in the wild” where we can all access whatever we want, whenever, is the greater source of malware, especially in the Android world.

    An excellent free market solution to the “Bad software” problem would be software vetting.

    I pay a yearly fee for password management/form filling software that I know is secure. The staff is paid from tens of thousands (or many more) to keep this software clean, up to date, and without error… Distributed.

    I would pay to support an organization that harvests software, tests it, turns it inside out, verifies it and accredits it. A free market Apps. store where malware free, virus free and secure software can be downloaded, securely. Free market competition would govern pricing. This is a distributed approach to poisoned fruit in the wild.

    Legitimate software providers should have no issue making their product available for vetting and certification. All bets are off if we can’t connect from point A to B securely without compromise. If the foundation is corrupt, then, until it’s identified and fixed, it’s pretty much over.

    Blue Sky.


Comments are closed.