Location: Seattle, Washington, U.S.A.
First task of the day was to register for the conference at the Marriott Waterfront, just across from the Bell Street Pier & Conference Center (where the conference will be held).
Registration was a snap and I received a nice tote bag full of vendor paraphernalia (some light reading for later on). One of the available events today was a full day on Making the most of the HP BladeSystem and Windows Essential Business Server Solution Opportunity. Rather a mouthful, and honestly I couldn’t see myself getting any value out of spending a full day on this stuff. However, I was interested in attending a session later in the evening called Battling the Borg of the Internet, with Scott Pinzon.
So, I returned later that night with about 50 or so other attendees for what was an interesting, rather than informative, session. The 90-minute session focused on the types of botnets, how they operate, and how they are constructed and deployed. The more sophisticated ones are now moving to Peer-to-Peer (P2P) control, so there isn’t a central command any more. Some are even using encrypted ICMP (i.e. ping) traffic to communicate with each other. I also learned that bot-herders (a.k.a. bot-masters) use things like fast flux DNS to make it extremely difficult for their network to be tracked and disabled.
The speaker said that the greatest method of bot and spyware propagation is via celebrity fan sites (so no more Britney Spears for customers!).
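The fast flux DNS trick mentioned above is something a defender can look for from their own resolver logs: a name whose A records keep changing, with very short TTLs, across many unrelated networks. The following heuristic is an added example of mine, not something from the talk or the post; the thresholds and the sample lookups are constructed for illustration.

```python
"""Fast-flux DNS heuristic (added example; not from the original post)."""
from dataclasses import dataclass


@dataclass
class Observation:
    """One DNS answer for a name: the A records returned and their TTL in seconds."""
    ttl: int
    addresses: list


def score_fast_flux(observations, ttl_limit=300, min_unique_ips=10, min_networks=5):
    """Score several lookups of one name; return (flagged, reasons).

    Fast-flux names rotate through many IPs across many networks with very
    short TTLs, so the host being tracked keeps moving. The three thresholds
    are assumptions for illustration, not an established standard.
    """
    if not observations:
        return False, []
    unique_ips = {ip for o in observations for ip in o.addresses}
    # /16 prefix as a crude stand-in for "different network" (real tooling would use ASN).
    networks = {".".join(ip.split(".")[:2]) for ip in unique_ips}
    reasons = []
    if all(o.ttl <= ttl_limit for o in observations):
        reasons.append(f"all TTLs <= {ttl_limit}s")
    if len(unique_ips) >= min_unique_ips:
        reasons.append(f"{len(unique_ips)} distinct IPs")
    if len(networks) >= min_networks:
        reasons.append(f"{len(networks)} distinct /16 networks")
    # A CDN or plain round-robin usually trips at most one of these; require all three.
    return len(reasons) == 3, reasons


# Constructed sample lookups (not real data). A suspect name answers with four
# new addresses from four different /16s every minute...
SUSPECT = [
    Observation(60, ["10.1.0.5", "10.2.0.9", "10.3.0.2", "10.4.0.7"]),
    Observation(60, ["10.5.0.1", "10.6.0.3", "10.7.0.8", "10.8.0.4"]),
    Observation(60, ["10.9.0.6", "10.10.0.2", "10.11.0.5", "10.12.0.3"]),
]
# ...while a normal round-robin name returns the same three stable addresses with a long TTL.
NORMAL = [Observation(3600, ["192.0.2.10", "192.0.2.11", "192.0.2.12"])] * 3

if __name__ == "__main__":
    for name, obs in (("suspect", SUSPECT), ("normal", NORMAL)):
        flagged, reasons = score_fast_flux(obs)
        print(name, "fast-flux" if flagged else "ok", reasons)
```

Running it flags the constructed suspect name on all three signals and leaves the round-robin name alone.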
I did pick up some stuff that will need some research, but in the end the ‘standard’ security best practices provide the best defence. Simply keeping machines up to date, having a defence-in-depth strategy, scanning all Internet traffic incoming and outgoing, as well as a clearly defined, circulated and understood security policy, puts you ‘ahead of the game’. In simple terms, it reduces your target surface area. I will tell you what though, these botnets are very sophisticated these days and all aimed at making money.
Apart from that, here are two things I learned:
1. http://virusscan.jotti.org/ – is a site where you can submit a suspect file; it will be scanned with all the major anti-virus programs and give you the results. The speaker demonstrated how malware is packaged, encrypted and run through scanners like this so it won’t be detected.
2. No longer is the response to a technical question RTFM (i.e. read the f***ing manual). It is now JFGI (just freely Google it). So that at least has been something I’ve learned today.
So tomorrow is the first official day of SMBNation 2008 and I hope that I can bring you all the details and some photos as well.