
Security Response

Showing posts tagged with Endpoint Protection (AntiVirus)
Showing posts by Greg Ahmad
Greg Ahmad | 30 Apr 2010 | 0 comments

Web browsers are an integral part of home and business computing environments and one of the most popular and ubiquitous applications on computer systems. Due to their popularity, the exploitation of security vulnerabilities in browsers is a common method for attackers to compromise computers. Vulnerabilities in browsers and browser plug-ins facilitate the propagation of malware, as well as aid in other attacks such as fraud and the theft of sensitive information. Not only are these issues used to compromise computers in targeted attacks, but vulnerabilities affecting browser applications are also exploited en masse by malware, bot networks, and exploit toolkits. Nowadays, attacks that take advantage of vulnerabilities in browsers and other associated applications such as browser plug-ins are very common. According to the recent Symantec Global...

Greg Ahmad | 18 Mar 2010 | 0 comments

Over the past few years, targeted attacks against organizations have become increasingly common and have gained notoriety. One of the most well known of these attacks is the recent compromise of Google, Adobe, and many other companies as part of the Trojan.Hydraq or the “Operation Aurora” incident. This particular attack involved organized and well-resourced cyber criminals who used a zero-day memory-corruption exploit for Microsoft Internet Explorer as an attack vector to deliver a malicious payload, known by the name of Trojan.Hydraq. The attackers behind this operation targeted various organizations and sent messages using the spear phishing technique, which makes email messages look like they come from a trusted source, thereby increasing the chance of victims following links or opening attachments. Once the vulnerability was successfully exploited and the Hydraq malware...

Greg Ahmad | 15 Sep 2009 | 0 comments

Recently we became aware of a new security vulnerability that affects various versions of Microsoft Windows operating systems. This vulnerability allows remote attackers to carry out denial-of-service and local privilege escalation attacks against affected computers and though not confirmed, it may also facilitate remote code-execution with kernel-level privileges.

The issue was publicly released on September 7, 2009, by a researcher named Laurent Gaffié. The researcher published proof-of-concept code and some technical details on the Full Disclosure mailing list. He indicated that the code targets the Microsoft Server Message Block version 2 (SMB v2) protocol implementation in Microsoft Windows Vista and Windows 7 and it could be used to trigger a denial-of-service...

Greg Ahmad | 26 Mar 2009 | 0 comments

System Management Mode (SMM) is an operating mode available in Intel x86 and x86_64 architectures. SMM is the most privileged CPU operation mode on Intel architectures and facilitates power-management features and other operating-system-independent functions. It resides in a protected region of memory called System Management RAM (SMRAM)—access to which is typically limited to the BIOS. An SMI (system management interrupt) is used to enter SMM.

Over the last few years, research reports discussing attacks that target SMM have started to surface. In 2006, Loïc Duflot reported various security issues in SMM and presented an attack that bypassed the Securelevel mechanism in the OpenBSD kernel. In 2008, a research report...

Greg Ahmad | 13 Nov 2007 | 0 comments

Earlier this year I wrote a series of posts that highlighted the rise in vulnerabilities affecting ActiveX controls during 2006. I mentioned that there had been an increase in the number of ActiveX vulnerabilities over the last six years, but more importantly there had been a significant rise in 2006. The first half of 2006 saw the release of 12 vulnerabilities, while there were more than 40 vulnerabilities in the second half.

I also stated that although 2006 saw a significant increase in the number of vulnerabilities in ActiveX controls, this trend would likely continue in 2007 due to the availability of tools and increased interest in ActiveX security in the community. The analysis of the threat landscape during the first half of 2007 supports this prediction. It also appears that issues affecting ActiveX controls make up almost 89% of all vulnerabilities that were reported in browser plug-ins.

According to the...

Greg Ahmad | 12 Jun 2007 | 0 comments

On April 27, 2007, various Internet resources from the Republic of Estonia came under a series of DDOS or distributed denial of service attacks. According to claims by Estonian government officials and media, the attacks originated in Russia and followed a dispute between the government and ethnic Russians over the relocation of a Soviet war memorial from the Estonian capital of Tallinn. The attacks targeted websites belonging to government ministries, banks, media, political parties and businesses.

Though DDOS attacks against various networks have taken place on numerous occasions in the past, the particularly interesting aspect of these attacks was that they appear to be politically motivated and may fall under the...

Greg Ahmad | 18 Jan 2007 | 0 comments

In my previous post, I talked about the sudden rise in vulnerabilities affecting ActiveX controls. In this post, I would like to talk a bit about the technology behind ActiveX and various steps that may be taken to prevent attacks.

An ActiveX control is essentially an Object Linking and Embedding (OLE) object. OLE allows objects to be shared using Component Object Model (COM) technology, which is a model that permits software components to communicate with each other. Distributed COM (DCOM) is an extension of COM that allows for the sharing of components over a network. ActiveX technology essentially facilitates the functionality of OLE on the World Wide Web. The controls can run on platforms that support COM or DCOM.

According to Microsoft, ActiveX controls must provide an interface named “...


Greg Ahmad | 16 Jan 2007 | 0 comments

The year 2006 saw the rise of numerous security trends such as attacks against social networks, initiatives by researchers to sequentially disclose many flaws in Web browsers and operating system kernels, attacks being used for financial gain, and a dramatic increase in the number of vulnerabilities affecting Web applications. During the last few months of the year, I have noticed another trend that did not receive much attention. There has been a significant increase in the vulnerabilities that affect ActiveX controls. These vulnerabilities can facilitate an assortment of attacks that may simply cause the disclosure of sensitive information to an attacker or, in the worst-case scenario, allow them to execute code to gain unauthorized access to an affected computer.

During the last few years there has been an increase in the number of vulnerabilities affecting ActiveX controls shipped by various vendors. In the year 2001, DeepSight Alert Services reported a...
