Category: Warnings

The report statistics were gathered through an outsourced service providing website vulnerability assessments on an ongoing basis.

With more than six hundred sites under management, including many of the Fortune 500, WhiteHat has access to an unparalleled amount of security data, which allows them to accurately identify which issues are the most prevalent.

Since the last report in April 2007, there has been a noticeable increase in several technical vulnerabilities including XSS, Information Leakage, SQL Injection and HTTP Response Splitting, which can be directly attributed to the discovery of new attack techniques and the improvement in vulnerability identification technology.

http://www.net-security.org/secworld.php?id=5539

An attacker could send a malicious HTTP packet to the vulnerable content scanning system

Cisco has confirmed that its Cisco Intrusion Prevention System and Cisco IOS with Firewall/IPS Feature Set products are vulnerable to the flaw. Cisco notes in its advisory that it is not aware of any malicious use of the vulnerability. Among those US-CERT lists include: 3com, Alcatel, Avaya, D-Link Systems, Debian GNU/Linux, EMC, Fedora Project, Gentoo Linux, Hitachi, IBM, Intel, Linksys (a division of Cisco), Lucent, McAfee, Microsoft, Nokia, Nortel, Novell, Red Hat, Sony, Sun and Symantec.

http://www.internetnews.com/security/article.php/3678051

“Previously, they may have been lost in the general noise of one to two million pieces of malware per day,” the report states. “Target organizations are those with data worth stealing,” the report says.

“One gang has been using the same two attack files since November 2006,” the report says. The Taiwan gang changes its source IP address frequently, making it hard to detect, MessageLabs says. The IP address hosting the Web server that dishes out the malware is registered to China United Telecommunications Corp. in Beijing. Emails from the Taiwan gang are not particularly attractive, generally showing only a string of unreadable characters and carrying attachments.

Many antivirus applications do not yet detect the Trojan, according to the messaging security company.

http://www.darkreading.com/document.asp?doc_id=122009&WT.svl=news2_5

Already malware commonly masquerades as useful code and sometimes does provide the function it promises while doing other less desirable things in secret.

That’s one of the three main exposures Wagner sees with SOA, and organisations are already experiencing problems when employees access the wrong sites from their work desktops and accidentally import malware into the enterprise.

Combating malware — whether it is associated with SOA or someone downloading “free” music from a file-sharing site — requires a strategy which combines technology with education. The security technology needs to be able to stop malware before it can infect the network. The second major exposure is more technical and harder to intercept. Again, every organisation accepting XML-encoded files, which is the vast majority of organisations today, is exposed already. But SOA promises to increase the number of XML transfers — and, therefore, the exposure — by orders of magnitude, while the huge volume of these transmissions in the SOA architecture also complicates the problem of intercepting the occasional piece of malware in that flow, even as it attracts increasing attention from criminals.

Education is much less effective in dealing with this exposure, because it is more likely to be injected into an otherwise legitimate packet flow entering the enterprise and may further disguise itself by entering in several separate packets mixed into legitimate traffic.

In a simple transaction the user authenticates at the beginning of the session and that authentication carries through the session. However, in an SOA model the user may initiate a transaction and disconnect from the server while the transaction flows through a group of back-end services, so the user has no direct connection to the final transaction.

http://computerworld.co.nz/news.nsf/devt/808389829A348680CC2572B40001DCF8

“But one of the key things about hypervisors is their design is simpler than the modern operating system. On the flip side, it’s a new layer that’s another opportunity for attack,” he says.

Hypervisors are programs that allow multiple operating systems to use the same hardware. But these programs can also breed complexity, and with complexity comes security problems.

Virtualization security solutions so far have been focused mostly on the hypervisor: IBM, for instance, recently unveiled SHype, a new secure hypervisor technology that ties security policies to virtual machines. And VMWare’s desktop Ace software lets you lock down virtual machines, even when they are moved around. Lin says it works like a network access control (NAC) for virtual machines.

Thomas Ptacek, a security researcher with Matasano Security, says the move to virtualization is the biggest thing happening in IT today. “Some say virtualization of the OS doesn’t change anything, and others, that with virtualization, everything is broken,” Sequeira says. There are more vulnerabilities in your operating system than in your virtualization software, such as VMware, Matasano’s Ptacek notes. It’s more about how you configure your virtual architecture, where the virtual machine software is the main barrier among the different apps sharing the same physical machine.”

The underlying problem: Virtualization creates a set of dynamics in the IT infrastructure that traditional security approaches “don’t cope with well,” says Kevin Leahy, director of virtualization at IBM.

http://www.darkreading.com/document.asp?doc_id=117908&WT.svl=news2_3

Whilst we still have the odd occasion where the so called “script kiddies” are intent on creating havoc and making a name for themselves, the majority of malware now comes from persons or organizations involved in criminal activity with significantly more resources at their disposal. In this environment the malware is often created to target one specific company or group of companies making it very hard for the antivirus industry to obtain a sample of the threat and provide signature updates to protect against it.

Users likely to be targeted by special attacks Particular organizations are considered more attractive for targeted attacks using malicious code to infiltrate their systems.

The need for protection software that is less dependant on signature-based techniques is seen as paramount.

http://www.it-observer.com/articles/1297/malware_creates_new_challenges_anti_virus_vendors/