Category: News

Virtualized IPS acts as a filter scanning network traffic for known vulnerabilities and virus signatures and blocks them from the virtual machine level before they reach the physical operating environment, he said. The Virtual Security Solution will enable IT to keep vital security processes isolated from potential problems with the main operating system, giving IT managers better control of endpoint security. Malicious disabling or reconfiguring of security safeguards are becoming more prevalent among targeted attacks, said Gregory Bryant, general manager, digital office platform at Intel.

A recent survey of Canadian IT security managers and personnel revealed that between 63 per cent and 79 per cent are concerned about the disabling or misconfiguring of security systems by hackers and Trojans, by employees or by operating system and application patches. According to the report, IT managers’ concern about employees disabling system defences is rising among 27 per cent of Canadian respondents.

http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?ID=idgml-580e3312-4e56-4ff3-bcff-3c3f483c9bc9

“If they are able to stay active longer, they make more money,” said Alfred Huger, senior director of engineering with the security response team at Symantec Corp., a software vendor that issued its twice-annual state-of-security report Monday.

Not too long ago, he said, a single person took control of as many as 400,000 computers at once with the help of malicious programs. Today, the average is less than 1,000, making such networks more difficult to track and shut down.

Huger said spammers have been compiling e-mail lists specific to geographic areas, by targeting a single Internet service provider that serves a particular region or by combing mailing lists devoted to a city’s happenings. Messages sent to those lists can be used for scams or the spread of malicious programs, such as those for stealing data.

Virus writers have also judiciously used Web sites with software vulnerabilities allowing for the spread of malicious code, Huger said. They will remove the malicious programs once enough users are infected and restore the malware later, he said. “They are very careful about the spread,” he said.

Many of the newer viruses spread primarily through social engineering — tricking a user into opening an e-mail attachment by making a message appear legitimate. Although virus writers have long used that technique, many had been trying to overcome delays inherent with the need for any user intervention, taking advantage of system flaws to automatically spread their programs.

Network worms such as 2004’s “Sasser” exploited flaws in Microsoft Corp.’s Windows operating system, automatically scanning the Internet for computers with the vulnerability and sending copies of themselves there. But the rapid spread also triggered rapid-response alerts among security vendors and prompted network operators to prioritize applying fixes to the Windows flaws.

High-profile threats, often more an annoyance than an effort to set up armies of rogue computers, are typically contained within a day or two. By contrast, botnet computers can stay active for months.

http://news.moneycentral.msn.com/provider/providerarticle.asp?feed=AP&Date=20060925&ID=6050838

The case of Eric McCarty illustrates the danger: The network administrator found a database vulnerability in the online application site for the University of Southern California but was prosecuted for his unauthorized access of the server and last week agreed to plead guilty.

Easy-to-use Web programming languages are also to blame, because they attract people who have not programmed before and can be more easily audited for flaws, Christey said. “The existence of these web-friendly languages, like PHP, lowers the bar for someone to create a useful application but also lowers the bar for someone to find vulnerabilities in that application,” he said. In the CVE Project’s latest numbers, flaws that use a technique for injecting code from one Web site into another, known as cross-site scripting or XSS, accounted for 21.5 percent of the vulnerabilities reported so far in 2006.

http://www.securityfocus.com/news/11413?ref=rss

Providers, said Arbor, regularly report attacks beyond the capacity of core backbone sections of the Internet in the 10-20Gbps range.

The bulk of these DoS attacks originate with botnets, collections of compromised computers that criminals have acquired by infecting them with Trojan horses through other means, such as e-mail, spyware, or malicious Web sites.

http://www.informationweek.com/story/showArticle.jhtml?articleID=192701817

But because this measurement technique assumes the DOS attack was launched through spoofed IP addresses, it doesn’t account for DOS attacks launched via botnets, which have become a much more attractive vector for attackers, the research team said.

The new study combines traditional indirect measurement of backscatter with direct measurement of Netflow and alarms from a commercial DOS detection system.

http://www.darkreading.com/document.asp?doc_id=103049&WT.svl=news2_3

“We didn’t know what we were going to get back–what we wanted was to objectively look at the losses caused by attacks,” said Dirck Schou, senior director of security solutions for Phoenix Technologies.

Device identification–or attestation–is a central capability of the hardware component of the trusted computing model, known as the Trusted Platform Module (TPM). Phoenix Technologies, which makes one version of the basic input/output system (BIOS) that allows operating systems to control a computer’s hardware, has created products that work with the TPM to identify the computer systems on a corporate network, but has also created products that can also work without the specialized hardware, Schou said.

Yet, more and more personal computers and laptop systems are shipped with the technology already on board. About 20 million computers, most of them laptops, shipped with the Trusted Platform Module in 2005, according to the Trusted Computing Group, the industry association that has created the hardware specification.

“For example, IP addresses could be used to authenticate some machines–and are probably sufficient under some threat models and policies to make the distinction between ‘sanctioned’ and ‘unsanctioned’ machines.”

The study found that the industries hardest hit by attacks were government, retail and high-tech, and that 78 percent of attackers used a home computer to do the deed, but that leaves a lot of questions unanswered, Schoen said.

Companies should ask whether they can reliably distinguish between sanctioned and unsanctioned computers on the network, whether employees working from home on unsanctioned computers would be allowed to access the network, and whether the technology could be deployed pervasively enough to matter. “We would need to know that the unsanctioned computers were actually necessary to the commission of these crimes, and that the crimes could not have been committed without using the unsanctioned computers,” Schoen stated in the e-mail interview.

http://www.securityfocus.com/news/11410