ethics

July 31, 2013

Hide and go seek, not hide and go tweak

On July 31, 2013, Jason Geffner of CrowdStrike discussed a new tool called “Tortilla” that allows incident responders and computer security researchers to hide behind the […]
March 11, 2013

A new infosec era? Or a new infosec error?

On March 4, 2013, a contest was held at the Nullcon conference in Goa, India, to see who could take over a botnet. The Times of […]
December 29, 2012

The Ethics of Social Honeypots

For the last few years, I have been participating in a Department of Homeland Security sponsored effort to develop principles and applications for the evaluation of […]
December 10, 2012

No, Executing Offensive Actions Against Our Adversaries Really Does Have High Risk (Deal With It)

This is a response to a CSO Online blog post by Jeff Bardin (“Caution: Not Executing Offensive Actions Against Our Adversaries is High Risk,” November 2012.), […]
April 1, 2012

FAQ on Kelihos.B/Hlux.B sinkholing

On March 31, 2012, the Honeynet Project published a draft Code of Conduct and a statement about Ethics in Computer Security Research: Kelihos.B/Hlux.B botnet takedown. The […]
March 31, 2012

Ethics in Computer Security Research: Kelihos.B/Hlux.B botnet takedown

Earlier, we posted about our operation on the Kelihos.B/Hlux.B botnet takedown that was conducted with by security experts from Dell SecureWorks, CrowdStrike, Kaspersky, and the Honeynet […]
March 28, 2012

Thoughts on the Microsoft’s “Operation b71” (Zeus botnet civil legal action)

On Sunday, March 25, Microsoft announced that for the fourth time, they had gone to a federal court and successfully obtained an ex parte temporary restraining […]