Herding Code 113: Mark Russinovich on Zero Day and Computer Security

This episode of Herding Code the guys talk to Mark Russinovich about his new book (Zero Day), modern malware like Stuxnet, his experiences discovering the Sony rootkit, Sysinternals tools, and computer security in general.

  • K Scott asks Mark about how he decided to write Zero Day. Mark talks about how early, unsophisticated viruses still caused a lot of damage, and it got him thinking about what a virus attack motivated by a terrorist agenda could achieve.
  • K Scott talks about the shift to financial motivation in malware, and Mark mentions the book Zero Day Threat which discusses financially motivated malware.
  • Kevin asks Mark about his motivation for writing fiction in general, and how big a shift it was from technical writing.
  • K Scott talks about how he read the book while travelling, and how it did a pretty good job of terrifying him.
  • Mark mentions how the Stuxnet virus validated some of the scenarios he’d been using in the book, how sophisticated Stuxnet is, and how that level of sophistication in malware authoring is available for hire, cheaply.
  • Scott K asks about the threat that malware like Stuxnet could come back on the entity that released it, and Mark mentions that collateral damage is definitely a factor, but that the Stuxnet authors were apparently unconcerned by it.
  • We take a question from listener @mattd78: "what does mark think of Linux and has he ever analyzed the source code to compare it to windows"
  • Scott K asks how the malware targets have changed with the explosion of mobile devices.
  • K Scott asks Mark about how he uses Sysinternals tools when studying malware.
  • Jon asks about how live.sysinternals.com works to allow running the tools without an explicit download / install step.
  • Jon asks Mark whether he does all his testing in virtual machines or uses physical test machines.
  • K Scott asks Mark about Rootkit Revealer – how it got started, and how Mark discovered the Sony rootkit. Mark tells an interesting story about a cat and mouse game he was engaged with against a rootkit writer who went by the name of Holy Father, who kept coming up with ways to hide from Rootkit Revealer.
  • Mark talks about the interview he did on NPR about the Sony rootkit fiasco.
  • Kevin thanks Mark, on the behalf of Windows developers everywhere, for the Sysinternals tools. When Kevin tells Mark that they’ve saved his butt over and over, Mark says he’s heard that feedback so many times that they used "save your butt" on advertising over the years.
  • Kevin asks Mark if working at Microsoft has made things easier. Mark says not so much – it’s often quicker for him to disassemble and use dynamic analysis than to look at the source code.
  • Jon asks if Mark has any security feedback for .NET developers. Mark says that if you’re purely in managed code, you need to focus on logic problems like SQL injection.
  • K Scott asks if Mark has anything he’d like to promote, and Mark talks about the upcoming book Windows Sysinternals Administrator’s Reference.
  • Jon asks Mark what’s the point of running antivirus software if it’s not going to be 100% effective.
  • Kevin asks Mark if he’s working on a sequel to Zero Day. He is!

Show Links:

Download / Listen:

Herding Code 113: Mark Russinovich on Zero Day and Computer Security

[audio:http://herdingcode.com/wp-content/uploads/HerdingCode-0113-Mark-Russinovich-on-Zero-Day-and-Computer-Security.mp3]

Herding Code 112: Josh Arnold and Jeremy Miller on FubuMVC

This episode of Herding Code the guys talk to Josh Arnold and Jeremy Miller about what’s new with FubuMVC.

  • Jeremy Miller explains why FubuMVC "deserves to exist" and explains how compositional architecture and conventions help in building complex systems.
  • Josh talks about how FubuMVC diagnostics help in understanding how the conventions are being applied how FubuMVC is working.
  • Jon asks about how behavior chains work, and how they relate to routes. Jeremy and Josh explain how behaviors work and how they allow you to extend policies and conventions when you need to.
  • Jon asks how routes work, and Jeremy explains how they can be configured at a few different levels.
  • Jeremy talks about how FubuMVC is built to leverage static features in .NET through strong typing and leveraging the type system as much as is possible.
  • Josh and Jeremy talk about the advanced diagnostics which have recently been added to FubuMVC.
  • Jon asks how FubuMVC diagnostics compare to Glimpse.
  • Jeremy talks about the new packaging system, and how it can be used to apply complex and extensive changes just by dropping them into your application.
  • Scott K asks how the new packaging system relates to NuGet and OpenWrap, and Jeremy explains how the two are complimentary.
  • Jeremy and Josh talk about how their complex requirements in their active projects have driven FubuMVC’s features.
  • There’s a discussion of view engines – what’s supported, what they’re currently using in their projects.
  • Jeremy talks about how FubuMVC uses HTML conventions, how HtmlTags work, and how you can use jQuery-like chaining to reuse conventions.
  • Jeremy talks about how authorization works with the behavior chains. Scott K asks if this can be applied at the action level rather than at the UI level, and Jeremy explains the endpoint service.
  • We wrap up with a mention of Pablo’s Fiesta, this Sept 30 – Oct 2 in Austin, TX.

Show Links:

Download / Listen:

Herding Code 112: Josh Arnold and Jeremy Miller on FubuMVC

[audio:http://herdingcode.com/wp-content/uploads/HerdingCode-0112-Josh-Arnold-and-Jeremy-Miller-on-FubuMVC.mp3]

Herding Code 111: John Papa on the Open Source Fest at MIX11

This episode of Herding Code the guys talk to John Papa about the Open Source Fest he put together at MIX11.

  • Jon asks how the whole thing got started, and if John encountered any friction within Microsoft in getting this set up.
  • John describes the event and calls out some of the winners from the event.
  • There’s a discussion of the Glimpse project. Scott asks what it is, and Jon tries to give the sales pitch for it.
  • John talks about how many of these really cool project are hampered by marketing mistakes like poor project pages and unmemorable project names.
  • John mentions some of the areas for improvement – less background noise, bigger space. Some of that was due to overwhelming response – stopped counting at 500 attendees, ran out of food 3 times, etc.
  • Scott asks if a next step should be an open source conference for .NET. Jon mentions that there are some benefits to piggybacking with a "real" conference so the bosses will pay for us to go.
  • Scott asks if there’s any point to having sessions at a conference, since the real value at the conferences is in the networking and conversation. There’s a discussion about how an open space is cool, but something of this scale isn’t likely to self-organize.
  • Scott talks about how the ALT.NET Seattle event in Seattle is including open source hacking, proposing that larger conferences do this as well.
  • John mentions the Twitter list he’s created for all Open Source Fest participants.
  • We take a question from Tony Champion, asking what John would do differently in future events.
  • John and Jon discuss the difference between consuming and participating in a conference.
  • John pimps the Silverlight MIXer event he runs at MIX.
  • Jon asks if there should be venture capital folks at future open source fests. John said said that it was important to keep clear of any ulterior motives at this first event, but it’s possible that may happen in the future.
  • John and Jon talk about the difference between "official" events and sponsorship driven events.

Show Links:

Download / Listen:

Herding Code 11: John Papa on the Open Source Fest at MIX11

[audio:http://herdingcode.com/wp-content/uploads/HerdingCode-0111-John-Papa-on-Open-Source-Fest.mp3]