Security Response
John McDonald | 10 Sep 2007 07:00:00 GMT | 0 comments

A new variant in the family of worms Symantec calls "Pykspa" - W32.Pykspa.D - is targeting Skype Instant Messenger. It spreads by using Skype's chat function, sending a message to contacts containing a link to what appears to be a harmless .jpeg file, but if clicked on actually downloads and runs a copy of the worm on the user's computer. In an attempt to mask this innocuous activity the worm displays a legitimate Windows image (if it exists on the victim's machine), the bitmap file Soap Bubbles.bmp, contained by default in the Windows installation directory. So if you saw the below image recently after clicking on a link contained in a Skype message from someone, chances are your machine is infected.


To make matters worse the...

Ollie Whitehouse | 07 Sep 2007 07:00:00 GMT | 0 comments

In my last post on the subject of Vista versus the battle of vulnerable and malicious signed drivers, I said there was some conjecture about whether Microsoft was going to use Windows Update to distribute a patch for a vulnerable ATI driver. Elia Florio on our Security Response Operations team in Ireland sent me a link to a notice at ISC which showed this is indeed what they are doing. The link to the AMD notice shows this is indeed meant to resolve the security issue.

It is kind of interesting that Microsoft...

Jeremy Ward | 06 Sep 2007 07:00:00 GMT | 0 comments

At the Open Group meeting in Austin a couple of weeks ago, I attended the workshops on IT risk assessment. Pretty dull, eh? In fact, this topic produced some of the liveliest debate I’ve ever had at a conference.

Unless you specialize in this area, you may think that risk assessment is pretty well sewn-up. You couldn’t be more wrong. Get 50 practitioners in a room and you will have 50 different methodologies for assessing IT risk. The trouble is that nearly all of them will be subjective – the outcome of any risk assessment exercise is most likely to be ‘high’, ‘medium’ or ‘low’. Even when it’s an apparently objective number – 54,821, for example – you don’t learn all that much. Try going to your board and telling them that their IT risk is 54,821 and their eyes are likely to glaze over very quickly! Any attempt to calculate ‘annual loss expectancy’, although valiant, only results in trouble when the degree of variability is larger than the sum itself!

So we urgently...

Ken Gonzalez | 05 Sep 2007 07:00:00 GMT | 0 comments

As I mentioned in my last blog entry, the version that most today know as ITIL® (often referred to as ITIL v2), is defined within the two Office of Government Commerce (OGC, U.K.) publications – Service Delivery (the “Red book”) and Service Support (the “Blue book”). In these publications, the 10 core ITIL processes and Service Desk functions are described in (more or less) self-contained blocks. In this world, things were relatively simple. I’ll start off our examination of ITIL v3 from the (more familiar) process-centric perspective.

As of now, there is no official count or authoritative list from OGC of which processes should be considered as the ITIL v3 core. Unfortunately, this pushes that responsibility on to the readers’ shoulders and I assure you that this is not an easy task...

Kelly Conley | 05 Sep 2007 07:00:00 GMT | 0 comments

The September State of Spam Report is out and includes several interesting highlights and trends seen in August. Some highlights in this report include an update on the state of PDF spam, different variations that have been observed in e-card spam tactics, including fake YouTube sites, as well as insight into some new and novel tactics that were observed by Symantec during August.

Where did PDF spam go? Highlighted in a previous post as an emerging trend, PDF and other attachment spam reached a high in early August but closed out the month with record lows. First seen in June of 2007 with PDF files, attachment spam grew to encompass PDF, XLS and RAR files. By early August, this spam type was seen in 20 percent of all...

Jeremy Ward | 04 Sep 2007 07:00:00 GMT | 0 comments

Is the public sector bothered about IT risk? Although it’s a hot topic, as we saw at RSA in February, surely the public sector is more worried about saving money and meeting government targets? Well, yes – but one of the best ways of doing this is to ensure your IT systems operate efficiently and can deliver the services the public want, when they want them, not just when your offices are open. Shared services save money too – but mean sharing the security pain as well as the productivity gain. All this means more IT risk.

Symantec recently released the latest in-depth study taken from its IT Risk Management Report. This is a mini-report on findings from the public sector. The report looks at how IT professionals in the public sector view sources of IT risk and the effectiveness of the controls used to manage it. The report is based on feedback from 77 IT professionals in...

Peter Coogan | 31 Aug 2007 07:00:00 GMT | 0 comments

The recent release of the eagerly anticipated Bioshock game led to gamers getting another kind of shock. Bioshock is a hybrid first-person shooter/RPG from Irrational Games. A rumor had circulated that the Bioshock game comes loaded with a rootkit. After investigation Symantec can confirm that this is not true.

The rumor seems to have started after Microsoft’s RootkitRevealer found a “SecuROM” registry setting that it found suspicious after the Bioshock game had been installed. SecuROM just so happens to be owned by Sony who after all had started the whole rootkit outrage with their music CDs.

The SecuROM installation creates a folder and a registry key with a null character which prevents users from accessing/deleting the key from the registry. This is to assist with disc authentication and piracy. It is however not a rootkit.

Ben Nahorney | 31 Aug 2007 07:00:00 GMT | 0 comments

About a year ago we wrote about misleading applications and the business models behind them. Misleading applications, also commonly known as “rogue antispyware” applications, claim to detect and remove threats from your computer. What they actually do instead is report threats on clean computers and request payment for removal of these non-existent threats. Today, their numbers are on the rise, making up a larger portion of the security risks in the threat landscape. For example, we have discovered more than 40 new misleading applications since June 2007.

So how have they risen to such prominence? Misleading applications play upon a user’s concern that malicious threats may reside on his or her computer. “Your computer may be at risk!” is the overriding theme when a user encounters one of these risks. The irony is that the misleading application itself...

Ollie Whitehouse | 30 Aug 2007 07:00:00 GMT | 0 comments

With the airline industry being as competitive as it is, many of today's airlines are in the process of implementing lavish in-flight entertainment systems that offer a wide range of options including TV, movies, music and games. Gone are the days where they tossed you cheap headphones wrapped in plastic and that was it. Of course, to deliver all this rich media content, the underlying embedded systems need to have the power to deliver, so it’s no surprise that several are running on Linux.

Coincidentally, I just put up a rant…er, commentary… around embedded systems security and how it seems to be down there in the priority list with posh chocolate biscuits and free soda. While we're all waiting for this utopia to arrive, in the meantime, I can think...

Brian Hernacki | 30 Aug 2007 07:00:00 GMT | 0 comments

So far in this series, I've posted a blog that talked about municipal Wi-Fi security in general and a second blog that talked specifically about Wi-Fi network identification. In this post, I want to cover muni Wi-Fi network authentication. There are essentially two parts involved with Wi-Fi authentication. The first part is how you authenticate to the network and the second is how the network authenticates to you.

Most people are familiar with the first part. Many Wi-Fi networks will dump your browser to a login page where they ask for a username and password, or even a credit card number to use to bill you. Some of the more secure networks will ask you to provide authentication information more directly. I have seen muni...