News for
102800
contributed by weld pond and abner
You've heard it before and you'll hear it again. Threats are evolving. We've
seen viruses retrieve and forward passwords before on a large scale; now
they are becoming targeted and fast. Threat evolution is something that
cannot be dealt with reactively; it must be part of infrastructure planning
and design. Today, all attention is focused on Microsoft. The world's
favorite target has fallen victim to a password-stealing virus that got
hold of passwords that can access the source code to upcoming versions of
Windows and Office. It is unclear whether or not the perpetrators were able
to use the passwords to actually access and manipulate the source code.
However, if the source code was accessed, two questions remain.
1. Was the code manipulated in some way that could open the door for later
attacks or other problems? Microsoft claims no, the code has maintained its
integrity. Other than by trusting Microsoft's word, we may never know the
answer.
2. Does the ability for a criminal group to view the source code destroy the
security by obscurity that is key to so many commercial software products?
In the open source community, numerous hackers examine products and
contribute solutions to flaws in the products. In the commercial world, many
companies rely on their development team to produce secure code and then
keep the source code secret to not only protect their intellectual property,
but also to minimize potential attacks that could be launched against the
product. In this case, the loss of security by obscurity could result in a
criminal having intimate knowledge of the product development cycle to be
able to develop targeted attacks on future Microsoft products.
Regardless of the quality of Microsoft products, the mere fact that the
company was able to recognize that this incident occurred is unfortunately
unique. Many corporations might never know this had happened to them. In
fact, the ability to isolate an incident to specific networks or machines is
quite difficult in many environments.
The other interesting thing going on here is the Trojan horse attack. These
attacks have been discussed for several years now, and the current solution
has been to use content filtering software to detect the attack. If you are
one of the world's favorite targets, the Trojan horse writer will write the
attack specifically for you. By the time the anti-virus companies know about
the Trojan horse and are able to detect and stop it, it's too late.
Unfortunately, it has taken a high profile incident like this for awareness
to spread.
One solution is to separate general purpose computing, such as internet
surfing and email, from sensitive computing, such as accessing source code or
controlling IT infrastructure. This is what the military does. They run two
networks that are physically isolated from each other. A less expensive
solution is to keep all executable content from reaching workstations:
executable programs, active HTML content, or documents that contain
macros. This is difficult to achieve in reality, so physical separation is
the only way to be sure you are secure.
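The "less expensive solution" above, a filter that keeps executable content off workstations, as an added illustration that is not code from the original post. It shows why the control is hard to get right: a filter that trusts the file name alone lets a renamed executable through, so this one checks both the name and the first bytes. File names, byte stubs and the macro check (a search for the VBA project stream name rather than a full OLE parser) are constructed for the example.

```python
"""Attachment filter that refuses executable content before delivery.

Added example for the control described in the post (not the post's own code).
Signatures and sample attachments are constructed; the macro check is a
byte-level heuristic, not a complete OLE compound-document parser.
"""
import re

# Extensions that run as code on a Windows workstation when double-clicked
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}

PE_MAGIC = b"MZ"                                   # DOS/PE executable header
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # OLE compound document (Office 97-2003)
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")    # stream name present when a VBA project is embedded
ACTIVE_HTML = re.compile(rb"<\s*(script|object|embed|applet)\b", re.IGNORECASE)


def classify_attachment(filename, data):
    """Return ("block", reason) or ("allow", "") for one attachment.

    Name and content are both inspected, so renaming an .exe to .txt does
    not get it past the filter, and a .scr is refused even if the body is junk.
    """
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    if ext in BLOCKED_EXTENSIONS:
        return "block", f"executable extension {ext}"
    if data.startswith(PE_MAGIC):
        return "block", "PE executable header"
    if data.startswith(OLE_MAGIC) and VBA_MARKER in data:
        return "block", "Office document with embedded VBA macro project"
    if ext in {".htm", ".html"} and ACTIVE_HTML.search(data):
        return "block", "HTML with active content"
    return "allow", ""


def filter_message(attachments):
    """Split a list of (filename, bytes) into delivered and quarantined items.

    Each item in the result is (filename, reason); reason is empty for delivered files.
    """
    delivered, quarantined = [], []
    for name, data in attachments:
        verdict, reason = classify_attachment(name, data)
        (delivered if verdict == "allow" else quarantined).append((name, reason))
    return delivered, quarantined


# Constructed sample attachments: minimal byte stubs standing in for real files
SAMPLE_MESSAGE = [
    ("notes.txt", b"MZ\x90\x00" + b"\x00" * 60),               # executable renamed to look like text
    ("report.doc", OLE_MAGIC + b"\x00" * 16 + VBA_MARKER),       # document carrying a macro project
    ("plain.doc", OLE_MAGIC + b"\x00" * 32),                     # macro-free document
    ("page.html", b"<html><script>run()</script></html>"),       # active HTML content
    ("readme.txt", b"Just text."),
    ("update.scr", b"not even a real binary"),                   # blocked on extension alone
]

if __name__ == "__main__":
    ok, held = filter_message(SAMPLE_MESSAGE)
    for name, _ in ok:
        print(f"deliver    {name}")
    for name, reason in held:
        print(f"quarantine {name}: {reason}")
```

Run as a script it prints two delivered files and four quarantined ones. The point the post makes still stands: this catches the content types it knows about and nothing else, which is why the authors conclude that physical separation is the only way to be sure.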
The Wall Street Journal broke this story and pretty much everybody is
currently running it. Look for more information and speculation to filter
out through the rest of the day.
Wall Street Journal via MSNBC
Reuters
CNNfN
CNET
Newsbytes
AP via ABC News
Reuters via Excite re: Microsoft Stock Price
Symantec's Qaz description
F-Secure's Qaz description via datafellows.com