The SMM rootkit was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting.
The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.
The rootkits used by cyber crooks today are stealthy programs designed to hide their own presence and activity on a system while they run, in order to evade detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. Since then they have been moving closer to the hardware: two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD's chip-level virtualization technology to hide itself.
“Rootkits are going more and more toward the hardware,” said Sparks, who wrote another rootkit three years ago called Shadow Walker.
System Management Mode (SMM) dates back to Intel's 386 processors, where it was added as a way to let hardware vendors fix bugs in their products with software. It is also used for power management, for example to put the computer into sleep mode. In 2006, researcher Loic Duflot demonstrated how SMM malware would work. In addition to a debugger, Sparks and Embleton had to write the rootkit's driver code in hard-to-use assembly language to make it work.
Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code specifically for the hardware they are attacking.
http://www.pcworld.com/businesscenter/article/145703/hackers_find_a_new_place_to_hide_rootkits.html