Security Response: Showing posts tagged with Security

Interesting tidbit: I subscribe to the Messaging Newsemail newsletter. (I don’t actually remember signing up for it – buthey ho). I couldn’t find this replicated on their site so I am going toquote the interesting bits of the newsletter.

What caught by eye was the title ‘Cell Phone Users Experience Text Spam’. We’ve discussed this before with the most interesting incident being when one operator took legal action. Anyway back to the Messaging News newsletter, they said the following:

“Across the country this past weekend, many folks received a spammessage for the first time. While a common problem with email, theshear volume that...

Recently, I came across a publication by Tews, Weinmann and Pyshkinthat describes an attack, called aircrack-twp, which can recover a104-bit WEP key in less than 60 seconds. WEP (Wired Equivalent Privacy)is a protocol used for securing wireless LANs (WLANs) that use the RC4stream cipher to encrypt transmitted packets under a common key.

The RC4 stream cipher is at the heart of the WEP protocol and is oneof the most widely used stream ciphers in the world due to itssimplicity and compact software implementation. Packets of informationare encrypted using the following method: A 24-bit initializationvector (IV) is chosen for each packet which is concatenated with thesecret 104-bit RC4 common key to form the 128-bit per packet or sessionkey. The per-packet key is encrypted through the RC4 stream cipher toproduce a pseudo-random keystream. Note that, since each packet has adifferent IV, the RC4...

As little as three years ago, the concept of remote kernelexploitation remained arcane for most people in the security industryand was believed in some circles to be practically impossible, mostlydue to reliability issues. However, things in the security realm changequickly. Reliable exploit techniques come and go, new securitymechanisms are introduced, and arcane exploitation concepts arerevisited. Sometimes an exploitation concept that was once brushed offas too unreliable is reconsidered, bringing it again into focus as auseful and feasible attack vector.

Kernel vulnerabilities themselves are nothing new, of course. Theexploitation of local kernel flaws has been a popular pastime for manyresearchers and hackers over the years, and in many cases these flawswere shown to be exploited just as reliably as a local flaw in userlandsoftware. However, being local to the system has its advantages; thelevel of interactivity with the system and the data that is availablemake for...

The Future Watch section of the latest Symantec Internet Security Threat Reportdiscusses the changing threat landscape, and presents some issues thatSymantec believes will emerge in the next six to eighteen months. Fourkey points were made this time: malicious activity in virtual worlds,evasion processes used by malicious code, hiding the origin of attacks,and new uses for bots.

Massively multiplayer online games (MMOGs) are becoming increasinglypopular. Originally, these types of games were mainly populated by moreexperienced computer users, but as they grow in popularity, more andmore casual users are beginning to participate. These types of usersare more likely to be exploited by scammers due to their lack ofexperience. As more of these kinds of players participate in MMOGs,scammers may increasingly target them.

Moreover, some online games allow "real money...

When you think botnet, your first response is to associate them withthe usual menu of attacks such as spam generation, denial of serviceattacks (DoS), worms, Trojans, or phishing. There are many articlesthat detail typical botnet usage including illegally installing adwareor spyware (attackers get paid on a per-install basis), hostingfraudulent banking Websites, and extortion (attackers can eitherthreaten to unleash a DoS on a company’s Website unless a ransom ispaid or hold a company’s files hostage and threaten to destroy them).

A botnet is typically a network of hijacked computers used toconduct attacks, usually for personal gain. One of the advantages of abotnet is that it can be used in a distributed computing attack. Alarge problem can be broken up into smaller, more manageable parts anddistributed to many computers where they work on the problem inparallel. Distributing the workload to many computers is a veryeffective and dangerous way of mounting attacks. And since...

Volume XII of the Internet Security Threat Report (ISTR)is now out. In this report, we discuss how attackers have been usingtrusted Web sites as a means of reaching their victims. This trend is,in part, facilitated by something that we call “site-specificvulnerabilities”, which are vulnerabilities that are limited to aparticular Web site or service. These vulnerabilities are typicallypresent in the proprietary Web-based applications that drive theservices provided by the site.

What initially tipped us off to the increasing prevalence ofsite-specific vulnerabilities was actually a drop in the proportion ofWeb application vulnerabilities. In this report, we observed that 61percent of vulnerabilities affected Web applications, which is a dropfrom the 66 percent in the previous report. (Our discussion of Webapplication vulnerabilities includes only those Web applications...

In a military operation, a beachhead is a point where an attackingforce landing by sea reaches a beach and defends it untilreinforcements arrive. At this point, the reinforcements will expandthe attack. What can this possibly have to do with malicious code? Inthe last six months, we’ve seen a large shift towards multistageattacks as described in Volume XII of the Symantec Internet Security Threat Report.The first stage of a typical multistage malicious code attack consistsof a small and quiet initial downloader Trojan being installed on acomputer. This initial stage may disable security applications on thecomputer, then download other malicious code as part of a secondarystage attack (expanding the beachhead).

Of great concern is that the secondary stages usually allow theattackers to perform a wider variety of attacks against the user. Thelater stages are often back doors that...