
Archive for the ‘exploits/vulnerabilities’ Category

Hacking the Emergency 911 system

October 21st, 2007 Clear2Go

My wife and my ‘non-security’ friends think I am too paranoid. According to them, I overreact to simple situations and am too cautious. I’ll admit there may be some truth to that, but this is a perfect example of why I feel I respond this way. A family is sound asleep in their home. The husband hears what he thinks is a robber outside. He grabs a kitchen knife and goes out to investigate. He is met by a SWAT team that has surrounded his house. He and his wife are handcuffed. They are released when the police determine that there is no kidnapper holding them at gunpoint in their house. Why did they think that was the case, you ask? Someone hacked the 911 emergency system and placed a call that appeared to come from that house, saying they had a gun, had already murdered one person and were going to shoot others.

I don’t think the police did anything wrong or overreacted, but it could have gone badly. The husband could have been shot by an officer reacting without thinking due to lack of experience or fear. The simple answer is ‘well, he should have just called the police and not investigated himself.’ Although that may be true for this particular circumstance, there could be other circumstances where it is not that simple. Do you call the police as soon as you hear a noise? I don’t. I usually grab my kali sticks and go take a look. You can’t burden the police with every single issue without checking the seriousness of it first. If everyone just called the police as soon as they heard a suspicious noise or saw suspicious activity, the system would break down and the bad guys would win, because the police would be busy constantly answering false alarms. In my city, if I call the police for a noise that turns out to be nothing, they will actually fine me.

Six months later they finally caught the person who did this. Hopefully I am just being my paranoid self, but I fear this is just a small sign of things to come: too many things hooked up by networks and computers, and not enough time, money, and expertise spent on actually securing those systems.


Browser based rootkits

October 17th, 2007 Clear2Go

A post by Petko D. Petkov, a researcher in the area of client-side exploits, on browser-based rootkits: the advantages of using them and why they are hard to detect. Personally, I believe his prediction. There will be more and more of these in the future. It only makes sense.


Dynamic Botnets

September 22nd, 2007 Clear2Go

A research paper / tutorial I wrote a few months back. It shows one of the many BotNets that was detected and tracked by my team. The goal of this paper was to show how a typical Dynamic BotNet communicates, the implications these BotNets can have for ISPs, why traditional detection and mitigation is not enough to stop them, and why behavioural detection, not just simple static signatures, is needed to detect and mitigate this type of malicious software.

Million Dollar homepage DoS

September 20th, 2007 Clear2Go

Remember the Million Dollar Homepage and the DoS attack on it? This paper is the result of work done by my manager Don Bowman (VP, Consulting System Services) and myself, based on our investigation after some of our customers contacted us requesting assistance with anomalous outbound traffic emanating from their networks.