Category: News

The Council is a working body of customers established to provide guidance to Symantec’s leadership and development teams regarding the company’s strategic plans and enterprise services and solutions. They will also help guide the direction of existing solutions by providing feedback that reflects the evolution of the security and availability markets and the changing realities of the customers’ business environments. In addition, the Council provides an opportunity to create meaningful and strategic partnerships between Symantec and its large enterprise customers.

http://www.darkreading.com/document.asp?doc_id=100924&WT.svl=wire_3

During a presentation, two vulnerability researchers from security firm Matasano presented the results of their research on the common software agents included on many enterprise computer systems. The two researchers, David Goldsmith and Thomas Ptacek, found numerous vulnerabilities in the agents designed to handle automatic updating, schedule backup tasks and handle support requests, the researchers said.

In another presentation, two other researchers–SecureWorks flaw finder David Maynor and graduate-student-cum-hacker “johnny cache”–showed off a method of compromising laptop computers via flaws in the wireless drivers. In a movie demonstrating the technique, the duo showed the attack compromising an Apple MacBook, allowing Maynor the ability to create and delete files on the desktop.

“Now that the OS layer is harder to crack, you are seeing a lot more people going higher up the stack, to applications, or lower, to device drivers,” Maynor said. Flaw finders and attackers bent on industrial espionage have started focusing on discovering vulnerabilities in Microsoft Office.

For the past 18 months, researchers have also focused on finding security issues in the antivirus clients that ironically are supposed to protect PCs from attacks. And, researcher HD Moore used data-fuzzing tools to find numerous flaws in the most common browsers used by Web surfers.

Many of the vulnerabilities are easy to find and should have been caught by developers, if the companies had performed a basic security audit, said Matasano’s Ptacek. While Apple has frequently been criticized by security researchers over the difficulty many flaw finders have found in reporting vulnerabilities to the company, the Mac maker responded quickly to the report filed by Maynor and “johnny cache,” the duo said.

Using the information and a database of driver flaws found by a homegrown data-fuzzing tool, Maynor and “johnny cache” could compromise not just a MacBook but also Linux and Windows XP laptops, the duo claimed. “While we attacked an Apple, the flaws are not in the Mac OS X operating system but in the hardware device drivers,” Maynor told SecurityFocus.

The fuzzing techniques used by the pair of researchers discovered mostly flaws that could be used to cause a denial-of-service.

http://www.securityfocus.com/news/11404

Digital Bond, a security consultancy that focuses on supervisory control and data acquisition (SCADA) and other distributed control system technology, plans to release the initial set of plug-in features on November 1.

“Many of the existing Nessus plugins pull security related information about IT devices on the network,” Digital Bond’s CEO Dale Peterson stated on the company’s blog.

As part of the push, Idaho National Laboratory has teamed up with infrastructure providers to offer example contract language intended to require that suppliers make security a priority.

http://www.securityfocus.com/brief/269

Researchers at Cupertino, Calif.-based Symantec examined the new networking technology in recent test releases of Vista, Microsoft’s next major operating system release, according to the report. They found several security bugs and determined that Vista’s networking technology will be less stable, at least in the short run, than Windows XP’s, the report said. New networking technologies in Windows Vista will be less stable and secure than Windows XP, at least in the short term, Symantec researchers say.

The report from security rival Symantec draws attention once again to Microsoft’s goal of improved security and the hurdles the software giant faces in getting there. “Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects,” the researchers wrote in the report, scheduled for publication. “This may provide for a more stable networking stack in the long term, but stability will suffer in the short term.”

Vista, slated to be broadly available in January, will be the first major new version of Windows for PCs since XP, which was released in 2001. Microsoft has put a stronger emphasis on protecting PCs in the new operating system, as security has grown in importance over those five years. Symantec’s report draws attention once again to Microsoft’s goal of improved security and the hurdles it faces in getting there.

A Symantec representative said Symantec had provided the Redmond, Wash., company with a copy of the paper.

Microsoft, in a statement provided to CNET News.com, said Vista is being developed with the highest attention to security. Highlighting issues in early builds of Windows Vista does not accurately represent the quality and depth of the networking features, the software maker said. “Given that Windows Vista is still in the beta stage of the development and not yet final, the claims made in this report are, at best, premature,” Microsoft said. And given the extensive work we are doing to make Windows Vista the most secure version of Windows yet, we believe the claims are also unsubstantiated.”

Microsoft also noted that Vista will be the first client-based operating system to go through the company’s complete Security Development Lifecycle, a process designed to prevent flaws and vet code before it ships.

Traditionally allies, Microsoft and Symantec are now going head-to-head in the security arena. In late May, Microsoft introduced Windows Live OneCare, a consumer security package, and the software giant is readying an enterprise product. Symantec has also sued Microsoft, alleging misuse of data storage technology it licensed to the company.

In their paper, titled “Windows Vista Network Attack Surface Analysis: A Broad Overview,” Symantec researchers put the networking technology in Vista under a magnifying glass to determine its exposure to external attacks. The team said it found several flaws in build 5270 of Vista and even more in earlier test versions. However, these were all fixed by Microsoft in build 5384, the version of the operating system that was publicly released in May as Beta 2.

“While it is reassuring that Microsoft is finding and fixing these defects, we expect that vulnerabilities will continue to be discovered for some time,” the researchers wrote. “A networking stack is a complex piece of software that takes many years to mature.”

Hunting bugs With each build, Microsoft seeks to make the code more stable. On Monday, it released to selected testers build 5472 of Vista, which likely has put right more bugs. For maintenance purposes and to improve performance and stability, the company is building much of Vista’s networking technology from the ground up. The clean-slate approach also lets it add features such as support for version 6 of the Internet Protocol (IPv6).

“We’re not saying that Vista’s network stack is going to be inherently insecure when it is released,” Oliver Friedrichs, director of emerging technologies at Symantec Security Response, said in an interview Monday. “Vista is one of the most important technologies that will be released over the next year, and people should understand the ramifications of a virgin network stack.”

Friedrichs noted that in the Linux networking stack, vulnerabilities and stability issues continue to surface well over five years after it was first released.

Aside from security flaws, features supported by Vista’s new networking technology could expose a PC running the operating system, according to Symantec’s report. For example, Vista will be the first Windows version to support IPv6, the next update of the technology standard used to send information over computer networks, by default. To help transition to the new protocol and for peer-to-peer networking features, Microsoft has functionality called IPv6 tunneling in Vista. This functionality could expose PCs that otherwise would be invisible behind a firewall, Symantec said. “IPv6 and its accompanying transition technologies allow an attacker access to hosts on private internal networks outside of the (purview) of the administrator,” the researchers wrote.

As Vista becomes available, businesses should update security systems, such as firewalls and intrusion detection systems, to prevent that, they wrote. The technology that underlies Vista’s peer-to-peer collaboration features, much ballyhooed by Microsoft, could also pose a security threat, Symantec said. To provide these features, Microsoft has added support for serverless name-resolution protocols, such as Peer Name Resolution Protocol (PNRP), that allow a Vista PC to operate in a network of Vista machines without a central server.

“As these technologies see wider deployment, we expect IPv6 and the new peer-to-peer protocols to play an increasing role in the delivery of malicious payloads,” the Symantec paper said.

“These features are critical to the success of Microsoft’s peer-to-peer initiative but are also the same features that attackers need to deliver malicious content.” Although the Symantec report is one of the first more extensive looks at the security of Vista, the researchers looked at only a small part of the new operating system. Also, since Vista is still in development, much can still change. “We expect many of our results to be invalidated by changes made prior to its public release,” the researchers wrote. But Friedrichs did underline the importance of networking technology in overall operating system security. “The network stack is the first line of defense for an operating system, it is the primary component that separates an attacker from the operating system,” he said. “It is very critical that this component is as robust as it can possibly be.”

http://news.com.com/Symantec+sees+an+Achilles+heel+in+Vista/2100-7355_3-6095119.html?tag=newsmap

He worked with others, including researchers at the Offensive Computing project — who gave him access to their malware database — to create the code, which includes a malware signature generator, a malware Google API signature search application, and a malware downloader.

Last week, San Diego-based Websense noted that Google indexes binary files, in particular some Windows executables, and in general terms described how it created a toolset that used the search engine’s API to automate detection of malware and malicious code-infected sites on the Internet.

In a July 10 interview, Dan Hubbard, Websense’s senior director of security, said the company would share the search tools only with a select group of researchers. “Rather than looking for strings within Bagle or MyDoom, look for the evidence of packers in executables.”

Moore and Hubbard also disagreed on the danger of publicly releasing a Google-based malware search tool, with the latter holding to Websense’s earlier position of keeping its findings within the security community by distributing them only on private mailing lists.

http://www.darkreading.com/document.asp?doc_id=99328&WT.svl=cmpnews2_1

In hopes of simulating a real-world situation, the attackers made a point of using the most publicly known exploits during the competition. They also took advantage of common mistakes like the use of weak passwords or the same passwords on multiple systems, and targeted security holes in Microsoft Windows that have readily available patches. In one case, for instance, NSA hackers gained control of a router in a complex network architecture built by the West Point team because the team neglected to change the default password on the Cisco Systems device.

Michael Tanner, an Air Force cadet, said the team’s nine members, mostly computer science and engineering majors, had only basic knowledge of information assurance practices.

“We know there’s a tendency for students to think they have to build some sort of whizbang network with bells and whistles,” said Rigo MacTaggart, who participated on the NSA’s end.

http://news.com.com/Security+agency+war+game+tries+to+teach+Net+defense/2100-7355_3-6091731.html?tag=nefd.top