Rik Farrow

I have a new version of the malware talk, taking a different look at the problem of keeping your desktop or laptop free of malware. Although this talk was focused on Mac users, most of the information applies to Windows users as well. And some is specifically for Windows users.

On April 20, 2011, I presented a talk explaining malware for the local Mac users group (Oak Creek Apples). The malware talk provides some history of malware, descriptions of how it gets installed, countermeasures, and how best to avoid becoming a victim. Back in March 2011, I gave a talk for the same group on passwords. I explained why we use passwords, listed ways they get stolen, and provided suggestions on how to select and use passwords properly. You can view the slides here.

I have been concerned with computer security since 1984, but managed to ignore the basic issues for a long time. Instead, I studied, taught, and wrote about security (see Network magazine articles or read this recent column I wrote about security for ;login:). I will be teaching at USENIX LISA XXV on Linux security and SELinux December 5 and 6, 2011.

In 2006, I created a talk called Security is Broken, which I have given at Apple and Google headquarters. You can find the Google Tech Talk video here. The current version of the slides via my site has been updated for a talk to be given at UC Berkeley on January 31, 2007. For your convenience, you can find references used in the talk here.

In October 2007, I created a short video for Fast Company magazine demonstrating the ease with which the iPhone could be broken into. There was a lot of clamor in the blogosphere that focused on production flaws when I created the video (my first), while ignoring the real issues in the lack of security in the iPhone. Fast Company editors asked me to write a response, then decided that the issue had faded to the point that it wasn't necessary to post it. I have posted my own response, with their permission. Note that the video accompanies an article about Apple focusing on potential weak spots in their leading products and the company itself.

I had a chance to update my thoughts on the future of computer security in an article in the IQT Quarterly's security issue in Fall 2010. Briefly, I pointed out that even after Microsoft vastly improved their program development processes to build in security, they still have Patch Tuesday (and exploitable bugs). I suggest that the way forward lies in building IDEs (Interactive Development Environments) and programming languages and toolchains that make programming secure by the design of the tools, not through external controls. I also suggest that future operating systems run applications in limited environments, something that we already see in iOS, Android, Symbian, and MeeGo. Microsoft and Google have research teams working on this already.

As the editor of the bi-monthly magazine for the USENIX Association, ;login:, I write a column called Musings, which is often about security. All of my columns are immediately accessible, as are all articles after 12 months. ;login: also contains summaries of papers and talks given during USENIX conferences, which are a great way to catch up on recent research (or decide which papers you want to spend the time reading).
