Author Archives: Chris Lord


Chris Lord is the endpoint point man and resident software architect at Bit9 in Waltham, where he leads the product teams developing security solutions for Windows, Mac and Linux platforms. Before joining Bit9, Chris was a technical leader and innovator across a wide range of technologies and companies, including application virtualization at Microsoft and Softricity, secure systems at CERT (SEI), petascale storage virtualization at Cereva, fault-tolerant systems at Marathon, Internet search at AltaVista, and enterprise networking at Digital Equipment Corporation. He received an M.S. in Information Networking from Carnegie Mellon and a B.S. in Computer Science from Fitchburg State. Chris has served on the advisory board for the Carnegie Institute of Technology and a regional board for Literacy Volunteers of America in Massachusetts, and is an active ESL tutor with Literacy Volunteers of Massachusetts.

All posts written by Chris Lord

Space Evaders: How an Extra Space in a File Name Can Fool Some Endpoint Security Solutions

By: October 6, 2014

In a recent talk entitled “Crazy Sexy Hacking” at BsidesAugusta, Mark Baggett discussed a technique that lets an unsigned malicious file masquerade as a validly signed file. The trick, Mark noted, is to name a file very similar to an…

The Truth About RAM Scrapers

By: February 21, 2014

With continuing concerns about retailers and their susceptibility to memory scraping malware, I thought it might be a good time to follow up our recent posts by Matt and Harry with a deeper examination of these memory-based threats, often referred…

If You Can’t Bring Users to You, Go to Where the Users Go

By: April 5, 2013

Many in the community are working through identifying and remediating Darkleech malware that might have infected as many as 20,000 Apache Web servers running Linux. Behind the stories, three themes emerge: servers matter, Linux matters and blacklisting doesn’t. This type of…

New Java Exploit: A Cup Half Empty

By: January 14, 2013

The media doomsayers with their calls for PC users to disable Java in the wake of a vulnerability identified last Thursday were chilling. Now that Oracle has released a JDK 7 update that addresses the Java vulnerability (which made the…

Anatomy of a Server Attack

By: October 19, 2012

I often assist my colleagues in incident response and forensic reconstruction. Not long ago we had a customer engage us after they detected an attack on a server that Bit9 successfully prevented. Servers are frequent targets of APTs because they…

The Security Performance Tax Refund

By: May 8, 2012

At a fundamental level, all types of security products—AV, HIPS, IDS, AWL, etc.—tap into the same activity streams: what data or resource is being accessed in what context. Techniques may vary—mini and legacy filters, SSDT patching, import/export table patching, and…