Security Response
Jeremy Ward | 04 Sep 2007 07:00:00 GMT | 0 comments

Is the public sector bothered about IT risk? Although it’s a hot topic, as we saw at RSA in February, surely the public sector is more worried about saving money and meeting government targets? Well, yes – but one of the best ways of doing this is to ensure your IT systems operate efficiently and can deliver the services the public want, when they want them, not just when your offices are open. Shared services save money too – but mean sharing the security pain as well as the productivity gain. All this means more IT risk.

Symantec recently released the latest in-depth study taken from its IT Risk Management Report. This is a mini-report on findings from the public sector. The report looks at how IT professionals in the public sector view sources of IT risk and the effectiveness of the controls used to manage it. The report is based on feedback from 77 IT professionals in...

Peter Coogan | 31 Aug 2007 07:00:00 GMT | 0 comments

The recent release of the eagerly anticipated Bioshock game led to gamers getting another kind of shock. Bioshock is a hybrid first-person shooter/RPG from Irrational Games. A rumor had circulated that the Bioshock game comes loaded with a rootkit. After investigation Symantec can confirm that this is not true.

The rumor seems to have started after Microsoft’s RootkitRevealer found a “SecuROM” registry setting that it found suspicious after the Bioshock game had been installed. SecuROM just so happens to be owned by Sony who after all had started the whole rootkit outrage with their music CDs.

The SecuROM installation creates a folder and a registry key with a null character which prevents users from accessing/deleting the key from the registry. This is to assist with disc authentication and piracy. It is however not a rootkit.

Ben Nahorney | 31 Aug 2007 07:00:00 GMT | 0 comments

About a year ago we wrote about misleading applications and the business models behind them. Misleading applications, also commonly known as “rogue antispyware” applications, claim to detect and remove threats from your computer. What they actually do instead is report threats on clean computers and request payment for removal of these non-existent threats. Today, their numbers are on the rise, making up a larger portion of the security risks in the threat landscape. For example, we have discovered more than 40 new misleading applications since June 2007.

So how have they risen to such prominence? Misleading applications play upon a user’s concern that malicious threats may reside on his or her computer. “Your computer may be at risk!” is the overriding theme when a user encounters one of these risks. The irony is that the misleading application itself...

Ollie Whitehouse | 30 Aug 2007 07:00:00 GMT | 0 comments

With the airline industry being as competitive as it is, many of today's airlines are in the process of implementing lavish in-flight entertainment systems that offer a wide range of options including TV, movies, music and games. Gone are the days where they tossed you cheap headphones wrapped in plastic and that was it. Of course, to deliver all this rich media content, the underlying embedded systems need to have the power to deliver, so it’s no surprise that several are running on Linux.

Coincidentally, I just put up a rant…er, commentary… around embedded systems security and how it seems to be down there in the priority list with posh chocolate biscuits and free soda. While we're all waiting for this utopia to arrive, in the meantime, I can think...

Brian Hernacki | 30 Aug 2007 07:00:00 GMT | 0 comments

So far in this series, I've posted a blog that talked about municipal Wi-Fi security in general and a second blog that talked specifically about Wi-Fi network identification. In this post, I want to cover muni Wi-Fi network authentication. There are essentially two parts involved with Wi-Fi authentication. The first part is how you authenticate to the network and the second is how the network authenticates to you.

Most people are familiar with the first part. Many Wi-Fi networks will dump your browser to a login page where they ask for a username and password, or even a credit card number to use to bill you. Some of the more secure networks will ask you to provide authentication information more directly. I have seen muni...

Ollie Whitehouse | 29 Aug 2007 07:00:00 GMT | 0 comments

Yes this could be a 500 page book, but I’m going to try to present the future of security in fewer than 1,200 words.

Up to now in this anniversary series, my fellow Symantecites have been discussing what has happened over the past 25 years around security and how Symantec and the industry have grown to meet these challenges in a number of areas, from malicious code and vulnerabilities through to modern day threats such as phishing. We’ve come from a world of floppy disks and modems into a world so connected and converged that few of us could have imagined how it would have become so in such a short time. The rate at which technology has evolved and been adopted has, at times, left security analysts scrabbling to catch up – which, in turn, has created significant risks.

First a little history: I’m one of the many people who came to work for Symantec via acquisition. I used to work for @stake in Europe for a number of years before the acquisition as a...

Zulfikar Ramzan | 28 Aug 2007 07:00:00 GMT | 0 comments

Michael Dolan, a phisher who targeted AOL over the course of five years recently pleaded guilty to two criminal counts that the's office brought against him. The first count was a conspiracy to commit fraud and the second count was aggravated identity theft.

Dolan's "career" spanned from 2002 to 2006 and mostly involved getting victims to install a Trojan program that would prevent them from logging into their AOL account without providing additional sensitive information like credit card and Social Security numbers. When caught, he had private and financial information for 96 individuals.

On the one hand, I think this is a great victory for the Department of Justice. I believe that legal actions are one of the important channels we need to consider when addressing the problem of phishing. After all, phishing is ultimately a financial crime, and to the extent that we can make it more risky and less profitable, we can substantially reduce instances of phishing.

Ollie Whitehouse | 27 Aug 2007 07:00:00 GMT | 0 comments

Recently I bought a NAS (Network Attached Storage) solution for home to manage backups for the ever increasing number of storage devices we all seem to be accumulating. I did as most people would and selected a consumer solution from a well-known brand. The brand name on the box, as is not unusual in this day and age, was not the actual developer of the underlying reference design. Instead the system was developed by a third-party, including the controller and remote management software, which was subsequently modified to support some proprietary LEDs and gave the company license to slap their logo on it by the name on the box.

Anyway, this solution was built using GPL software components (Linux, Lighttpd and Perl among others); the vendor and original OEM abided by this license and released all the code on their site (including configurations). I did some digging around and was somewhat dismayed to discover that this product had a number of significant security issues. These...

Ollie Whitehouse | 24 Aug 2007 07:00:00 GMT | 0 comments

Here is a short update to bring this latest chapter in Vista’s security fairytale finally to a close.

On Monday the 13th of August, ATI patched their Catalyst drivers to resolve the vulnerability that PurplePill exploited. ATI should be commended for the speed and agility with which they responded to the issue, although one has to wonder if Microsoft had a hand in this.

It’s still not clear how they are going to deal with the distribution of this update (there's some conjecture around using Windows Update) and revocation of the old driver. Patching it is one thing, but...

Joshua Talbot | 24 Aug 2007 07:00:00 GMT | 0 comments

With the dawn of networked computing, users were granted on-demand access to their data and computing infrastructure. The gained connectivity, of course, led to an increased exposure to attacks. Attackers no longer required any physical access to the machines or to the portable media. Establishing a connection to the network (PSTN, Tymnet, DATAPAC or the Internet) and knowing the target’s network address accomplished the same task remotely—thus beginning the information arms race between the attackers and the administrators. While one side was gathering information for gaining access and circumventing restrictions, the other was trying to patch vulnerabilities and protect their assets.

During this time, factions began to...