Comments for Angels of security

Comment on Nigerian scammers go up a notch by chaim

chaim — Tue, 20 Oct 2009 16:18:46 +0000

wow, that’s just sick.

in other news, it amazes me that I can still catch 99% of what the spam filter misses without even opening the email. Yahoo’s spam filter doesn’t even catch spoofs purporting to be from Yahoo account services! …we’ve got a long way to go to the singularity…

Comment on Blackberry surveillance by Nym

Nym — Thu, 16 Jul 2009 21:22:32 +0000

http://www.veracode.com/blog/2009/07/blackberry-spyware-dissected/ has the gory details on the “patch.” Thank you Weld Pond!

Comment on Drug smuggling codes by Sara

Sara — Wed, 24 Jun 2009 05:36:03 +0000

Pretty nice post. I just stumbled upon your site and wanted to say
that I’ve really liked reading your blog posts. In any case
I’ll be subscribing to your blog and I hope you post again soon!

Comment on Fannie Mae logic bomb by Trio (band) » Computer surveillance

Trio (band) » Computer surveillance — Mon, 04 May 2009 23:23:55 +0000

[...] Angels of security » Blog Archive » Fannie Mae logic bomb [...]

Comment on 7 habits of highly effective infosec profesionals by SXSW: The Perils of Being Internet Famous [Voices] | Hobby Cash: Make Cash Blogging About the Things You Love

Tue, 17 Mar 2009 23:00:06 +0000

[...] Angels of security » Blog Archive » 7 habits of highly effective … [...]

Comment on vulnerability disclosure response time by Matt

Matt — Fri, 06 Mar 2009 17:36:40 +0000

I think that if you publish it, it motivates folks to get the fix out.

Comment on Fannie Mae logic bomb by What Should You GoSee? » Blog Archive » For Those Who Forget, How We Got Into This Mortgage Mess

Wed, 04 Feb 2009 22:02:35 +0000

[...] Angels of security » Blog Archive » Fannie Mae logic bomb [...]

Comment on I was right by Ty S.

Ty S. — Fri, 17 Oct 2008 18:29:15 +0000

Matt’s right you are pretty smart…

Comment on Race to zero by kurt wismer

kurt wismer — Tue, 23 Sep 2008 19:57:54 +0000

sorry for responding a month later – the system i was using to track comment threads flaked out silently…

about your 2 points:
1) you may not be satisfied with whitelists that don’t include all program types but that’s not an implementation defect… it’s theoretically impossible for it to include all program types from a computer science standpoint… there are an infinite number of them because all data has the potential to be interpreted as code…
2) there are similar limitations for everything else you are suggesting, be it API calls, network traffic, etc… there will always be ways to accomplish these things that a filter won’t recognize… this isn’t a matter of implementation, it’s a matter of computation complexity and computability…

Comment on I was right by Matt W

Matt W — Tue, 23 Sep 2008 19:16:15 +0000

::sarcasm:: Well you are just SOOOO smart now aren’t you Ari? ::sarcasm::