The Wall Street Journal wrote a post today about Rogue Code and the somewhat lucky coincidence that it was published shortly after Michael Lewis published his explosive expose of High Frequency Trading, Flash Boys:
Want a signed copy of Rogue Code and want it before the book is even out? Every day from April 28 to May 2 I’ll draw the winner of a signed Rogue Code Advanced Reading Copy (ARC) to be delivered before the May 20 publication date! Email the receipt of your Rogue Code pre-order (from any seller in any format) to me at by May 2 to enter.
I’m excited to announce that for the third year I’ll be presenting at RSA Conference US, the largest cybersecurity conference in the world. Like the previous two conferences, I’m delivering a talk in the Industry Experts track, this time on cloud security. I’m also delivering a technical session on the Pass-the-Hash (PTH) threat and how corporations can defend themselves against it, including by leveraging new PTH mitigations available in Windows 8.1 and Windows Server 2012 R2. I’ll of course also be doing a book signing for my novels Trojan Horse and Zero Day. Rogue Code, the third book in the Jeff Aiken series, won’t be out until May.
Here are the session abstracts and times and below them a link to the conference’s full session list.
HTA-W03 Pass-the-Hash: How Attackers Spread and How to Stop Them
Wednesday, February 26, 2014 | 10:40am – 11:40am
Pass-the-hash transforms the breach of one machine into a total compromise of infrastructure. The publication of attacks and lack of tools to respond have forced enterprises to rely on onerous and ineffective techniques. In this talk, we will decompose the PtH threat, show how the attack is performed and how it can be addressed using new platform technologies in Windows 8.1.
EXP-R01 Public Cloud Security: Surviving in a Hostile Multitenant Environment
Thursday, February 27, 2014 | 8:00am – 9:00am
The rise of public cloud computing has brought with it a new set of security and data privacy considerations that are not widely understood. This session will describe public cloud hoster and customer threat models and explain the role in those models of encryption-at-rest, encryption-in-flight and other security best practices.
Revelations about the expansiveness of the NSA’s data collection operations have raised the question of whether US companies like Microsoft, Google, Facebook and others voluntarily put back doors into their software for the NSA or give the NSA unfettered access to customer data. Several weeks ago Microsoft published an official statement on its relationship with the NSA that unequivocally states that Microsoft only shares customer data when required to comply with legal requests and whenever possible notifies targeted customers when it does so. You can read the blog post here:
A couple of weeks later WIRED interviewed me on the subject and I reiterated Brad Smith’s comments, explained how a cloud business requires customer trust and discussed the approach Windows Azure takes to secure customer data:
I’m thrilled to announce that I’ve sold the movie options for the Jeff Aiken series (Zero Day, Trojan Horse, and the forthcoming Rogue Code)! The buyer has produced several major films and believes in the importance and timeliness of the subject matter. Work on the first movie is starting immediately with the writing of a screenplay and I’ve been signed on as a technical consultant to ensure that the movie is technically accurate. I’ll share more information here as the movie develops.
You’re probably the IT help desk for your family and friends, and might even have an IT role at your company. Malware is a fact of life and learning how to identify it, neutralize and clean it off infected systems can save the time and money of reimaging systems, reinstalling software and restoring data. Even if you decide to reimage a system, having some understanding of malware’s operation can give you confidence that it hasn’t spread to other systems in your network.
In this top-rated session from Microsoft’s TechEd US conference last week, I teach how to use my Sysinternals tools, including Process Explorer, Autoruns and Process Monitor, as well as some tips and techniques targeted at malware, to analyze and eradicate today’s common strains. You’ll see me use the tools to identify and remove ransomware, fake security software, and even look under the hood at Flame, the cyberweapon that was found last year in Iran and believed to be part of the Stuxnet program of cyberwarfare. With what you learn, you’ll be on the way to becoming a malware cleaning hero.
Government Technology has published a nice profile of me and my fiction, discussing how Zero Day and Trojan Horse both reflect the reality of the cybersecurity landscape. It includes excerpts from an interview I did for them that explain what motivated me to try my hand at fiction and my experience with the writing process. Check it out:
America must also face the rapidly growing threat from cyber attacks.
Now, we know hackers steal people’s identities and infiltrate private e-mails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.
We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy. That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information-sharing and developing standards to protect our national security, our jobs, and our privacy.
But now — now Congress must act, as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks. This is something we should be able to get done on a bipartisan basis.
In a story that reads like it came straight out of Trojan Horse, the NY Times announced today that it has been infiltrated by Chinese hackers in a campaign that ran over the last several months since the Times readied a story on the corruption of a Chinese official:
Publishers Weekly on Rogue Code: “In Russinovich’s well-crafted third Jeff Aiken novel (after 2012’s Trojan Horse), the cyber security specialist must contend with insider trading, long cons, and multimillion-dollar thefts”