Security News Curated from across the world
The first product from the Aeon project, which is being tested with a handful of clients in the financial industry, was expected to be released in April but has been pushed back until June, one industry executive said. With Aeon, Cisco is expected to compete with a number of smaller companies already in the field that build devices designed to speed up XML or process Web services security protocols.
http://www.zdnet.com.au/news/business/0,39023166,39186268,00.htm
Called protexIP/OnDemand, the Internet-based service helps developers more quickly deal with compliance requirements related to intellectual property, which typically stem from things such as customer procurement, outsourced project validations, and internal compliance programs.
“Increasingly, businesses are being required to provide evidence that they are managing the origins of their software intellectual property. Consequently, development teams are being called on for in-depth compliance validations in support of specific business transactions,” said Doug Levin, Black Duck’s CEO.
The company has had approximately a dozen beta testers of the product over the past few months, including Kayak.com, which is in the business of providing objective travel information through its simultaneous search of almost 100 travel sites.
“Open source software has gained a strong foothold in the lower levels of the software stack and is likely to have a greater impact higher up in the software stack in the future. Organizations would be wise to gain a better understanding of open source license and intellectual property to comply with various licensing obligations,” said Dan Kusnetzky, program vice president at IDC’s System Software, Enterprise Computing Group.
Typically, developers are asked to manually analyze code line by line to validate its origins, with management and legal counsel often working in concert with them to evaluate those results and assure compliance.
An online service such as protexIP/On Demand, however, serves to automate that review process, thereby producing more accurate results, company officials contend.
The product uses Black Duck’s Code Print technology and open source Knowledgebase to identify thousands of open source programs that might have been inserted into the source code. After it identifies the code, the service can identify the license associated with the inserted code by polling its database of hundreds of different license types.
http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-4de06927-3389-4cde
The new Fingerprint Sharing Alliance hopes to help its members, which include British Telecommunications, Cisco Systems, EarthLink, MCI and NTT Communications, more effectively share information on individuals responsible for launching online attacks. Other organizations involved in the collaboration include Asia Netcom, Broadwing Communications, Verizon Dominicana, XO Communications and the University of Pennsylvania.
Members of the Fingerprint Sharing Alliance will automatically send one another data on computer hackers as they observe or experience new attacks. By immediately alerting other communications companies when they’re being threatened, members of the group hope they can more effectively guard against online attacks and infrastructure hacks that cross network boundaries.
Arbor Networks is helping to spearhead the effort. The Lexington, Mass.-based company, which specializes in network threat detection and monitoring tools, will provide the technology used by the group’s members to share emerging attack data. By helping the communications giants rapidly distribute information on hackers, the security company said it can aid in blocking attacks closer to the source.
Mark Sitko, vice president of MCI’s Security Services Product Management group, said the Fingerprint Sharing Alliance will quickly provide an “unparalleled view” into new security threats as they surface around the globe. Sitko also promised that MCI will bring significant antihacking firepower to the table.
At least one industry watcher has also endorsed the group’s efforts. Jim Slaby, senior analyst with Boston-based Yankee Group, said that as online attacks become more sophisticated, industrywide collaboration is becoming a more important tool in stopping criminals. “We’re seeing more technology-savvy criminals trying to make money through denial-of-service extortion schemes,” Slaby said in a statement. “Service providers that are cooperating by sharing attack fingerprints are helping mitigate these threats more quickly and closer to the source, thus making the Internet a more secure place.”
http://news.zdnet.com/2100-1009_22-5642840.html?part=rss&tag=feed&subj=zdnet
The alliance was set up with the aim to generate public awareness and focus on best practices for security and privacy of Internet telephony networks.
The alliance said membership of its technical board had risen to 50, with newer members including a McAfee division, MCI, PricewaterhouseCoopers, Samsung Telecommunications America, Sprint and VeriSign.
Internet telephony, which is unregulated, is becoming popular due to cheap rates. With this popularity have come fears of spam and viruses–a nuisance for Internet users–though there have been no major attacks as of yet on Net telephony.
http://news.zdnet.com/2100-1009_22-5643061.html?tag=zdfd.newsfeed
The new Monitored and Managed IPS Service includes support for an extensive list of network-based IPS technologies available, including ISS, Juniper Networks, Tipping Point, McAfee, and Cisco, as well as its own Symantec Network Security 7100 Series appliances. This new offering reinforces Symantec’s commitment to providing customers with vendor choice and flexibility for their network environment.
Current Perspective: Positive on Symantec’s expansion of its MSS services, because the company continues to embrace its vendor agnostic approach to managed security services, while also addressing clients’ need for flexibility. Additionally, the enhanced offering resonates with a stronger sales message that can be pitched to a broader audience.
Vendor Importance: Moderate to Symantec, because the company expands its support for additional IPS technologies, providing some differentiation in the market compared to competitors that are slow in expanding support for Symantec’s IPS product.
Market Impact: Moderate on the managed security market, as the announcement will primarily impact competitors such as ISS, which offer their own IPS products and are not seen as vendor-agnostic.
In addition to providing added flexibility for clients and the ability for clients to upgrade to preventative (proactive) offerings from intrusion detection services (IDS) vendors (reactive), the announcement offers proof of Symantec’s commitment to delivering vendor-neutral offerings with its managed security solutions. The enhancements will primarily impact those competitors with their own branded offerings and are often cited with promoting their own brand of products over competitor’s offerings such as ISS, which may be better suited for a specific enterprises needs and budgets.
The impact on competitors in the managed security market will be moderate, as many have taken steps to move to a vendor-neutral platform themselves, recognizing the benefit of offering clients a wider array of technologies.
Symantec is not the only managed security provider that touts vendor-agnostic support for multiple technologies, as competitors such as IBM, VeriSign, Counterpane, and RedSiren (Getronics) have marketed a similar messages to attract a larger enterprise audience.
http://www.csoonline.com/analyst/report3455.html
RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don’t attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!
The reason that there is no longer a command-line version is that malware authors have started targetting RootkitRevealer’s scan by using its executable name. We’ve therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version’s behavior.
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities.
There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
Persistent Rootkits are ones associated with malware that activates each time the system boots. Because such malware contain code that must be executed automatically each system start or when a user logs in, they must store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.
Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.
User-mode Rootkits, for example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt, to enumerate the contents of file system directories. W
Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures.
It is theoretically possible for a rootkit to hide from RootkitRevealer. Doing so would require intercepting RootkitRevealer’s reads of Registry hive data or file system data and changing the contents of the data such that the rootkit’s Registry data or files are not present. The bottom line is that there will never be a universal rootkit scanner, but the most powerful scanners will be on-line/off-line comparison scanners that integrate with antivirus.
There are also antivirus products, such as Kaspersky Antivirus, that use rootkit techniques to hide data they store in NTFS alternate data streams. RootkitRevealer should never report this discrepancy since it uses mechanisms that allow it to access any file, directory, or registry key on a system.
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml