Category: News

We’re simply naming the vendor, the date the issue was reported and the severity of the vulnerability,” Endler said in an interview with eWEEK. In the first year since ZDI started shopping for flaws, Endler said the company has fielded submissions from hundreds of hackers, culminating in 30 published post-patch bulletins.

Some, like Microsoft, are very diligent about responding, but there are others that take six months or more to get a fix ready.

According to VeriSign’s iDefense, which also buys data on flaws and exploits from external hackers, it has no plans to preannounce its purchases.

Payne suggested that TippingPoint’s move could point malicious hackers in a certain direction and put certain vulnerable applications at risk. We’ve seen this in the past with the WMF [Windows Metafile] issue and the recent problems with Microsoft Office,” Payne said in an interview with eWEEK.

Earlier in August, iDefense trained its sights on serious holes in Web browsers, offering a new $10,000 prize to any hacker who can find a remotely exploitable code execution hole in Microsoft Internet Explorer or Mozilla’s Firefox.

http://www.eweek.com/article2/0,1895,2008577,00.asp?kc=EWSTEEMNL082906EOAD

“We see a $22 billion market opportunity in managed security services, and we intend to offer a single solution for companies that have not felt comfortable outsourcing until now,” says Val Rahmani, general manager for IBM’s Infrastructure Management Services unit.

“IBM has been showing a tendency to move back, in many ways, to the old mainframe days, where it owned an account top to bottom,” says Rob Enderle, president of the Enderle Group, an IT consultancy.

“I think this acquisition is definitely part of an overall trend, where the more mature parts of the security industry — things like firewalls — are aggregated into fewer, larger companies,” says Robert Richardson, editorial director at the Computer Security Institute.

Big Blue has been carefully vendor-neutral in its approach to managed services in the past, but it seems unlikely that the company will be able to maintain that stance as it integrates the ISS technology into its offerings. The acquisition comes less than two months after IBM storage rival EMC picked up RSA Security for $2.1 billion. “RSA had been shopping itself for some time, and I assume they probably spoke with IBM. But a deal that size [EMC-RSA] probably woke up a lot of larger vendors that this is going to be a major issue going forward, and it’s better having the IP and services in house than relying on partners. “The only thing that is similar is when EMC wanted to jump into the security space they went for a household brand.

http://www.darkreading.com/document.asp?doc_id=102103&WT.svl=news1_3

Security managers have been frustrated by the proliferation of “point products” in their environments, which generate a ton of data but offer no method to filter or correlate it to find the root cause of a violation.
Security information management (SIM) tools offer a possible solution, but each has its own proprietary means of collecting and presenting security data.

“What the CEF offers is a standard way to normalize the data from the different devices and tools so that it can be analyzed,” says Steve Sommer, senior vice president of marketing and business development at ArcSight.

If it’s adopted across the industry, the CEF could play a role similar to SNMP, the IETF standard that unified network and systems management tools a decade ago. So far, however, the vendors that have announced support for CEF are those that were already ArcSight partners: AirTight Networks, CipherOptics, DeepNines, Intrusic, Reconnex, Vericept, and Vontu. Sommers says ArcSight is negotiating with “a multi-billion dollar competitor” in the SIM market, which is considering adopting the standard. He would not disclose the name of the vendor, but three of the multibillion vendors that make SIM tools are Cisco, Computer Associates, and Symantec. Even when a forum is selected, it will probably take six to 12 months to get on the agenda of the standards bodies, Sommers observes.

http://www.darkreading.com/document.asp?doc_id=102024&WT.svl=news2_4

“Something always happens during the Christmas holiday, and it wrecks the holidays for IT administrators, and something always seems to happen in August to wreck their summer vacations,” she said. “Also, System Administrator Day is July 28, so maybe things happen in August to reinforce the appreciation everyone has for us.”

Paul Asadoorian, lead IT security engineer for Brown University in Providence, R.I., speculated that the annual Black Hat hacker event in Las Vegas is a factor. “People go to Black Hat and pick up all this knowledge about how to exploit various technologies,” Asadoorian said, “then they decide to use Patch Tuesday to practice their newest skills.” That’s especially problematic in a university environment, he said, since students returning to campus in August tend to come with computers that are infected with malware.

In the case of the Windows Server Service flaw, Bradley and Asadoorian are bracing for what may be another awful August. “We separate student computers from the rest of the campus and check them for problems before letting them on the network. Network access and/or endpoint assurance are two technologies every organization should try to take advantage of, something that checks the host when it tries to plug into the network,” Asadoorian said. “The good news is that the newer platforms are in wider use,” she said, noting that her environment is now made up of machines running Windows XP SP2 and Windows 2003.

Bradley’s advice for dealing with the current threat is to separate the MS06-040 patch from the rest of this month’s urgent updates and deal with that one first.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1210536,00.html

“I used to do a lot of incident response, where someone would have a compromised system containing unknown files,” Valsmith says. “I would try to figure out what the files were, and I always thought, ‘I wish there was someplace I could go online and find out what these files are.’ So in late December of 2005, I set up the Website and started adding malware and analysis to it.”

Working on a self-funded project in the garage of co-founder Danny Quist, the two researchers began collecting and analyzing malware files for inclusion in the search engine. Soon, they added data from popular, open-source malware collections, such as Nepenthes and MWCollect, and then contributors began sending them files from their own collections.

“We get some contributions every day now, through our Web upload interface,” Valsmith says. “We hit 40,000 samples today.” Without Offensive Computing, IT troubleshooters and security researchers often are left scrounging for information about malware files that they find in their systems, Valsmith explains. “Antivirus systems in general only have about a 20 percent detection rate, so there is a ton of malware running around out there that few people know anything about,” he says. “Hopefully, we can help fill that gap.”

The groundswell of support for Offensive Computing’s efforts is indicative of a growing desire for more unified, consolidated study among security researchers, observers say. The search engine is not the only consolidation effort in town: At the Defcon conference in Las Vegas last week, Internet pioneer Paul Vixie and Georgia Institute of Technology bot researcher David Dagon announced that they have created a “malware repository” that helps researchers identify new bot exploits.

Vixie’s and Dagon’s repository includes data from Nepenthes as well as tens of thousands of malware contributions from Shadowserver.org.

Both Offensive Computing and the malware repository are designed to bring security researchers together and speed the process of shutting down new attacks. “Something has to change, because the malware authors are getting more and more sophisticated,” Valsmith says.

“We have actually been talking with some antivirus vendors on ways we can help each other improve,” he says. “We really want to reach out to the AV community and find ways to collaborate.” As more people become aware of the site, more analysis and samples are contributed, which builds up a knowledge base that people can use to help defend against threats.” However, such a unified effort could be tricky, because antivirus vendors make their living by collecting new exploits and trying to be the first to defeat them, observers note. A consolidated database of malware samples and suggested solutions could level the playing field and threaten AV vendors’ business, they add.

http://www.darkreading.com/document.asp?doc_id=101270&WT.svl=news1_1

Users in Spain have also been warned about new types of attacks that do not follow the typical path expected of phishing scams.

The new online safety campaign in Spain is backed by the Spanish government, police and the Association of Internet Users, as well as banks and other institutions.

http://www.viruslist.com/en/news?id=194527499