CyberSecurity Institute

Evron, who serves as the Israeli CERT manager and is a leader in many global Internet security efforts, said the group includes representatives from anti-virus vendors, ISPs, law enforcement, educational institutions and dynamic DNS providers internationally.

Over the last year, the group has done its work quietly on closed, invite-only mailing lists. Now, Evron has launched a public, open mailing list to enlist the general public to help report botnet C&C servers. The new mailing list will serve as a place to discuss detection techniques, report botnets, pass information to the relevant private groups and automatically notify the relevant ISPs of command-and-control sightings. “The vetted lists will still do the bulk of the work, but we needed a public place to involve a wider audience,” Evron said in an interview with eWEEK.

Anti-virus experts have detected signs of a massive, well-coordinated Trojan attack capable of creating botnets-for-hire.

Dan Hubbard, senior director of security and technology research at San Diego-based Web filtering software firm Websense, said the threat from botnets should be high on a CIO’s worry list. “We’re seeing more and more bots being written for multiple use.”

Roger Thompson, a veteran anti-virus researcher who runs the Atlanta-based Exploit Prevention Labs, said the vigilante approach to targeting botnet command-and-controls comes with upside and downside. However, Thompson worries that culling the herds may breed a stronger beast. Like Thompson, Evron admits that the command-and-control shutdowns are only a small part of dealing with the growth of botnets.

The bad guys go back to drawing board and plan a more sophisticated mode of attack.

With the new mailing list and increased public participation, Evron envisages a scenario where experts in the anti-virus, anti-phishing, anti-spyware and anti-spam industries are all working together on research and development to help curb the growth of botnets. Websense’s Hubbard agrees there’s no silver bullet to solve the problem. “The techniques are becoming better and more sophisticated as we come out with new defense techniques.”

http://www.eweek.com/print_article2/0,1217,a=172598,00.asp

Null Session/Password NetBIOS Access Multiple Vendor SNMP Request and Trap Handling Vulnerabilities AT&T WinVNC Server Buffer Overflow and Weak Authentication Vulnerabilities Cisco IOS Telnet Service Remote Denial of Service Vulnerability Writeable SNMP Information SSH Protocol Version 1 OpenSSH Multiple Memory Management Vulnerabilities Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial…

Even with the comprehensive set of security products Juniper and Cisco have developed, integrators are still finding holes that can be filled by innovative security companies with specialized tools.

In particular, with applications like VoIP and 802.11 wireless networks, security concerns are only starting to emerge, so the reliability of protection from attacks is very much in doubt, according to several VoIP specialists.

VARs say they’d like to see Cisco’s SDN platform include an integrated management tool that links all the products together, and a solution for spam, content filtering and virus control, all of which are handled by third-party products with SDN.

http://www.varbusiness.com/showArticle.jhtml;jsessionid=QVM0ECQPSNV1WQSNDBOCKHSCJUMEKJVN?articleID=179103316

The software created by the project will likely compete with Microsoft’s InfoCard framework, which will form the core identity management role in the software giant’s next-generation operating system, Windows Vista.

The hope is that the software will help reduce the amount of unsecured data on the Internet and stem the tide of data leaks.

http://www.securityfocus.com/brief/149?ref=rss