--Dennis Fisher, August 7th, 2008
Eventually, instead of writing individual executables every time a worm came out, I would just write some Scheme code, put that up on the server, and then immediately all sorts of things would go dark. It amounted to a distributed code war on a 4-10 million-node network.
S: In your professional opinion, how can people avoid adware?
M: Um, run UNIX.
S: [laughs]
M: We did actually get the ad client working under Wine on Linux.
S: That seems like a bit of a stretch!
M: That was a pretty limited market, I’d say.
As previously announced, Microsoft has released a security update for Windows to close a total of three holes in the SMB protocol implementation. All three holes are based on buffer overflows. Two of them can apparently be exploited to inject and execute code remotely, without previous authentication. The third buffer overflow reportedly only causes the computer to reboot.
Microsoft Patch Tuesday bug is scary
THE FIRST Patch Tuesday fix of 2009 put out by Microsoft addresses a dangerous security vulnerability in its Server Message Block (SMB) protocol, or so say some insecurity experts.
--Jim Allchin, Microsoft
The computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said today.
Report: 2.5 million PCs infected with Conficker worm
According to F-Secure, there are already almost 2.5 million PCs infected with the Conficker worm, also known as Downadup. Since the worm has the ability to download new versions of itself, it is expected that the infection could spread much further. The new code is downloaded from domain names generated with a complex algorithm, making it hard to predict which domains will be used to spread the worm's updates.
With nearly a third of all Windows systems still vulnerable, it's no surprise that the "Downadup" worm has been able to score such a success, Kandek said. "These slow [corporate] patch cycles are simply not acceptable," he said. "They lead directly to these high infection rates."
Here's a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.
That's what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.
The message is surprisingly cordial, given that Microsoft's security researchers spend their days trying to put people like Zlob's author out of business. "Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast," the hacker wrote, adding, "Happy New Year, guys, and good luck!"
The Ministry of Defence confirmed today that it has suffered virus infections which have shut down "a small number" of MoD systems, most notably including admin networks aboard Royal Navy warships.
The Navy computers infected are the NavyStar (N*) system, based on a server cabinet and cable-networked PCs on each warship and used for purposes such as storekeeping, email and similar support functions. N* ship nets connect to wider networks by shore connection when vessels are in harbour and using satcomms when at sea.
The demise late last year of four of the world's biggest spam botnets was good news for anyone with an email inbox, as spam levels were cut in half - almost overnight. But the vacuum has created opportunities for a new breed of bots, some of which could be much tougher to bring down, several security experts are warning.
--Arno Edelmann, Microsoft's European business security product manager
Comments
Needs Sunlight
2009-01-16 12:39:07
Two interesting pieces:
"Trusting Trust" http://www.acm.org/classics/sep95/ alternate link: http://cm.bell-labs.com/who/ken/trust.html
"Exploiting Concurrency Vulnerabilities in System Call Wrappers" http://www.usenix.org/events/woot07/tech/full_papers/watson/watson.pdf
The first link, "trusting trust", shows that no amount of bluster or bluffing can make Windows secure. Without full access to the source code for all components in the system and its applications, back doors can be hidden all over.
Two follow-ups to that also show that, at the end of the day, you must have and be able to use the complete source code for the whole system and each and every component or application: http://www.dwheeler.com/trusting-trust/ http://www.schneier.com/blog/archives/2006/01/countering_trus.html
The second link, "concurrency vulnerabilities", looks like it completely destroys the myth that add-ons can help. It *looks* like all currently existing security software for Windows can be bypassed without detection or recourse -- until such time as Windows is redesigned and rewritten from the Kernel on up.
To pick on FOSS for a bit, the first two show why the decision to tolerate BLOBs in Debian and the downgrading of the Qt license to LGPL can lead to unmitigated disasters, whether through insecurity, vendor lock-in, DRM, or hardware lock-in.
The Mad Hatter
2009-01-17 03:24:30
Jose_X
2009-01-18 21:29:41
To add some:
Reading source code tells all -- if you trust the build system binaries that will be used to turn that source into binaries. In particular, if you have the source to the build system components, it's easier to trust those build system binaries; however, the build system binaries have to be built themselves, which means you need an existing (simpler) build system. So do you have the source to that? And how about the source to the (even simpler) build system that built this last build system? At some point, disassembling very simple binaries upon which a multi-stage build process will occur may be what is necessary in order to gain the most trust, or just be really sure you get your binaries from someone that has gone through that trouble. For example, the gcc system should have gone through a lot of care over the years (including back when gcc was much simpler). If gcc+co are safe, then everything else built upon it (e.g., a whole distro, since even other language platforms like perl, etc., could be built with gcc+co) should be as trustworthy as the sources to each of the component parts of the distro (i.e., you can trust those sources that make up the distro if you trust the gcc build system).
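The comment above describes the multi-stage bootstrap chain, and the Wheeler link in the earlier comment is the standard countermeasure (Diverse Double-Compiling, DDC). The following toy model is an added illustration, not code from this page or from any of the linked papers: "binaries" are small records rather than machine code, the compiler sources are constructed placeholder strings, and the backdoor is a flag that an honest compiler never sets. It shows why a backdoor that lives only in the compiler binary survives every stage of the chain, why comparing first-stage builds proves nothing, and why the second-stage comparison seeded by an independent compiler does expose it.

```python
"""Toy model of the 'Trusting Trust' problem and the DDC check.

Constructed example: Binary records stand in for real executables, and the
source strings below are placeholders, not real compiler sources.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def h(text: str) -> str:
    """Short content hash, used as a stand-in for 'the bits of a source file'."""
    return hashlib.sha256(text.encode()).hexdigest()[:12]


# Constructed placeholder sources (assumptions, not real projects).
COMPILER_SRC = "our-compiler v1 source (constructed)"
TRUSTED_SRC = "independent compiler source from another vendor (constructed)"
LOGIN_SRC = "login program source (constructed)"
APP_SRC = "unrelated application source (constructed)"

# Sources a trojaned compiler recognises and re-infects, as in Thompson's paper.
PAYLOAD_TARGETS = {COMPILER_SRC, LOGIN_SRC}


@dataclass(frozen=True)
class Binary:
    program: str            # hash of the source this binary was compiled from
    built_by: str           # hash of the source of the compiler that generated it
    backdoor: bool = False  # payload present in the bits; visible in no source file


def compile_with(compiler: Binary, source: str) -> Binary:
    """Compile `source` with `compiler`.

    An honest compiler's output depends only on the source and on the compiler's
    own source (a deterministic build). A trojaned compiler additionally
    re-inserts its payload whenever it recognises one of PAYLOAD_TARGETS.
    """
    infected = compiler.backdoor and source in PAYLOAD_TARGETS
    return Binary(program=h(source), built_by=compiler.program, backdoor=infected)


def bootstrap(seed: Binary, stages: int = 3) -> list[Binary]:
    """The multi-stage chain from the comment: each stage rebuilds the compiler
    source with the previous stage's binary. Trust (or the lack of it) in the
    seed propagates to every later stage."""
    chain = [seed]
    for _ in range(stages):
        chain.append(compile_with(chain[-1], COMPILER_SRC))
    return chain


def ddc_check(suspect: Binary, trusted: Binary) -> dict[str, bool]:
    """Diverse Double-Compiling (Wheeler): build the suspect compiler's source
    twice from two seeds, once with the suspect binary and once with an
    independent trusted compiler, then compare the *second* stage outputs.

    Stage 1 outputs legitimately differ (different code generators), so they are
    reported but not used as evidence. Stage 2 outputs must be bit-identical if
    the suspect binary faithfully implements its source."""
    s1 = compile_with(suspect, COMPILER_SRC)
    s2 = compile_with(s1, COMPILER_SRC)
    t1 = compile_with(trusted, COMPILER_SRC)
    t2 = compile_with(t1, COMPILER_SRC)
    return {"stage1_match": s1 == t1, "stage2_match": s2 == t2, "clean": s2 == t2}


# Three seed binaries: an honest build of our compiler, a trojaned build of the
# same source (identical source hash, different bits), and an independent compiler.
HONEST = Binary(program=h(COMPILER_SRC), built_by=h(COMPILER_SRC))
TROJANED = Binary(program=h(COMPILER_SRC), built_by=h(COMPILER_SRC), backdoor=True)
TRUSTED = Binary(program=h(TRUSTED_SRC), built_by=h(TRUSTED_SRC))


if __name__ == "__main__":
    # Source review cannot tell the two apart: both implement the same source.
    print("same source hash:", HONEST.program == TROJANED.program)
    # The payload rides through every bootstrap stage and into login.
    last = bootstrap(TROJANED)[-1]
    print("payload survives chain:", last.backdoor,
          "| reaches login:", compile_with(last, LOGIN_SRC).backdoor)
    print("honest DDC:", ddc_check(HONEST, TRUSTED))
    print("trojaned DDC:", ddc_check(TROJANED, TRUSTED))
```

The model makes one simplification worth keeping in mind: real DDC needs the compiler to be reproducibly built, so that two honest second-stage builds really are bit-identical; here that is guaranteed by construction, whereas in practice it is the hard part of the exercise.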
Jose_X
2009-01-18 21:36:11
Roy Schestowitz
2009-01-18 21:40:28
Over in China, I suspect the GNU/Linux distribution they force-feed has some China-only surveillance facilities strapped onto it.