admini – Page 263 – CyberSecurity Institute

Good worms back on the agenda

Posted on January 27, 2006December 30, 2021 by admini

The topic of whether self-propagating code can have a good use has cropped up occasionally among researchers in the security community. In 1994, a paper written by antivirus researcher Vesselin Bontchev concluded that ‘good’ viruses are possible, but the safeguards and limitations on the programs would mean that the resulting code would not resemble what most people considered a virus. Later attempts at creating ‘good’ worms have failed, however, mainly because the writers have not adopted many of the safeguards outlined in the Bontchev paper. The Welchia worm–a variant of the MSBlast, or Blaster, worm–had apparently been created to fix the vulnerability exploited by the MSBlast worm, but had serious programming errors that caused the program to scan so aggressively for new hosts, it effectively shut down many corporate networks.

Immunity’s research is the latest attempt to create a more rigorously conceived framework for creating worms that could spread across specific networks to find and report vulnerabilities. The research essentially offers two advances, a strategy for the controlled propagation of worms and a framework in which reliable worms could be created quickly, Aitel said. The nematode worms would have to get permission to spread by querying a central server for a specific digital token, which Aitel dubbed a nematoken, before spreading to a particular machine.

http://www.securityfocus.com/news/11373?ref=rss

Gartner Says Don’t Deploy 802.11n until 2007

Posted on January 27, 2006December 30, 2021 by admini

VBroadcom and Marvell have already announced that they will start producing ‘draft-compliant’ chipsets, but Gartner labelled these claims as “misleading” and “premature”.

The analyst firm believes that the technology is likely to be changed before a final standard is approved, and that additional testing will be required to ensure compatibility with existing Wi-Fi standards.

http://www.vnunet.com/vnunet/news/2149265/gartner-pleads-restraint-802

Kama Sutra worm set to bite next week

Posted on January 26, 2006December 30, 2021 by admini

The worm has infected some 300,000 systems, according to a Lurhq analysis of logs from a Web site statistic counter that the worm uses to keep track of its spread.

http://news.zdnet.com/2100-1009_22-6031881.html

Cambridge prof warns of Skype botnet threat

Posted on January 26, 2006December 30, 2021 by admini

Voice-over-IP apps could be used to cloak networks of zombies, used to launch denial of service attacks, a Cambridge professor has warned. Armies of ordinary PCs – “botnets” – that have been infected by a virus and put under malicious control, could be controlled and orchestrated by messages hidden in VoIP traffic generated by programs such as Skype, warned Jon Crowcroft, Marconi professor of communications systems at Cambridge University.

Denial-of-service (DoS) attacks are usually shut down by tracing control messages, normally sent by chat and IM programs.

“There isn’t a protocol you can’t use as a covert signalling channel,” responded Kurt Sauer, director of security operations at Skype. “Some large commercial groupware products have encrypted XML streams – they may not be quite as good at firewall traversal, but that’s still an opaque data stream.”

Some IT managers do not want uncontrolled traffic punching holes in their firewalls, and using bandwidth, and security vendors have launched specific products to block Skype.

Crowcroft would like Skype to publish its routing specifications, so IT managers can work better with the application, tracking it and checking its behaviour. “There are a whole bunch of reasons why obfuscation is not helpful in the long run.” Although Skype still wants its proprietary edge, the issue is up for discussion: “The people who own networks and systems have a right to manage as they see fit,” said Sauer.

http://www.techworld.com/security/news/index.cfm?NewsID=5232&inkc=0%3CBR%3E%3C/P%3E%3CP%3E

Bots Nearly Triple In 2005

Posted on January 26, 2006December 30, 2021 by admini

The first arrest of a botnet herder in the U.S. occurred in November 2005, when Jeanson James Ancheta, 20, of California, was accused of accumulating 400,000 bots. Ancheta pleaded guilty to several federal felony counts Monday, and faces up to 25 years in prison.

http://news.yahoo.com/s/cmp/20060127/tc_cmp/177104269;_ylt=AtcaWdg2oQE051AhT6AP3GQ1k4gC;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl

Zero-day details underscore criticism of Oracle

Posted on January 26, 2006December 30, 2021 by admini

The database company should have fixed the issue in the latest critical patch update (CPU), but failed to do so, he said, adding that he believes the flaw is more significant than a privilege escalation issue fixed in less than three months by Oracle in the latest update.

After hearing about the conference presentation, Oracle slammed the researcher for releasing information about the vulnerability, saying that doing so puts its customers in danger. “We are always disappointed when researchers feel the need to publish details of vulnerabilities before a fix is available,” Duncan Harris, senior director of security assurance for Oracle, said in an interview with SecurityFocus.

At the Black Hat Security Briefings in Las Vegas last summer, networking giant Cisco and network protection firm Internet Security Systems filed suit against a security researcher for disclosing methods to run code on Cisco’s networking hardware.

On Wednesday, he posted a workaround for the vulnerability on SecurityFocus’ BugTraq mailing list. However, Oracle said that it studied the workaround proposed by Litchfield and found it inadequate. Other security professionals have also taken Oracle to task for its troubles in effectively handling security researcher and vulnerability disclosure.

http://www.securityfocus.com/news/11371?ref=rss