All was well at IT-SecurityWorld and I got a chance to say hi to Patrik Fältström at the end of the day. That was nice even though he gave me (and Panda 
) a small kick for not being IPv6 ready with our services. I have a feeling that we’re not alone though and all the points he keep making in the seminars I’ve seen him hold has always been very valid. People need to begin make the shift and stop being so comfortable as soon as possible.
In other news, the European parliament is about to vote on the Medina Report, which is going to set the direction for all future IP-rights enforcement work. It suggests, among other things, censorship of uncomfortable sites and traffic throttling. It also names The Pirate Bay as a primary target and this has not been well recieved here in Sweden as it can be considered interfering with an ongoing investigation and trial.
Not very nice. More information about this report and it’s ramifications can be found here:
IPTegrity – A Net dilemma for the European Parliament
IPTegrity – Libraries call to reject Medina report
La Quadrature Du Net – Copyright dogmatism ridiculously strikes the European Parliament
In other “work news” I recieved a request for comment on the surfacing issues of states implementing laws that make it legal for police to hack into computers and plant trojans from Christian Rudolf (Swedish site) over at Mjukvara.se (Swedish site). The question was if we as a security vendor would cooperate with the police in these situations and our position in this matter was summarized nicely internally when we discussed this:
Our position is that we will always detect all trojans to protect our customers, even if they pass a law to make a legal police trojan in Germany or anywhere else. If they take us to court of justice or make any type of pressure to make us whitelist their trojan, we will fight against it.
The americans have a typical phrase that fits well into this situation: “they’ll have to pry the detection signature from our cold, dead hands!”
It’s nice to see Panda Reseach and Labs have a sober view on this. Not that I didn’t expect them to, but the silence from some vendors are speaking for itself. The only ones responding to the inquiry on Mjukvara.se was Panda Security, Symantec and Avast. All of us stating that we would not whitelist any trojans. Ever.
Worth noting though is that there has been some trouble with this earlier with some vendors involving a specialized FBI-trojan called Magic Lantern. Let’s hope that the vendors that ignored this trojan change and follow up on their current promises.
And one last thing, I’m in need of some help from someone that knows virtualization (VmWare or similar). Working on setting up a multiple host, multiple network, multiple function solution and I would like to ask someone that knows more about this than me. So if you’re skilled and feel like giving me some quick A’s to my Q’s, please drop me an e-mail (daniel dot nystrom at icmpecho dot com) or comment on this post!
Cheers,
