Security Response
Ben Nahorney | 31 Aug 2007 07:00:00 GMT | 0 comments

About a year ago we wrote about misleading applications and the business models behind them. Misleading applications, also commonly known as “rogue antispyware” applications, claim to detect and remove threats from your computer. What they actually do instead is report threats on clean computers and request payment for removal of these non-existent threats. Today, their numbers are on the rise, making up a larger portion of the security risks in the threat landscape. For example, we have discovered more than 40 new misleading applications since June 2007.

So how have they risen to such prominence? Misleading applications play upon a user’s concern that malicious threats may reside on his or her computer. “Your computer may be at risk!” is the overriding theme when a user encounters one of these risks. The irony is that the misleading application itself...

Ollie Whitehouse | 30 Aug 2007 07:00:00 GMT | 0 comments

With the airline industry being as competitive as it is, many of today's airlines are in the process of implementing lavish in-flight entertainment systems that offer a wide range of options including TV, movies, music and games. Gone are the days where they tossed you cheap headphones wrapped in plastic and that was it. Of course, to deliver all this rich media content, the underlying embedded systems need to have the power to deliver, so it’s no surprise that several are running on Linux.

Coincidentally, I just put up a rant…er, commentary… around embedded systems security and how it seems to be down there in the priority list with posh chocolate biscuits and free soda. While we're all waiting for this utopia to arrive, in the meantime, I can think...

Brian Hernacki | 30 Aug 2007 07:00:00 GMT | 0 comments

So far in this series, I've posted a blog that talked about municipal Wi-Fi security in general and a second blog that talked specifically about Wi-Fi network identification. In this post, I want to cover muni Wi-Fi network authentication. There are essentially two parts involved with Wi-Fi authentication. The first part is how you authenticate to the network and the second is how the network authenticates to you.

Most people are familiar with the first part. Many Wi-Fi networks will dump your browser to a login page where they ask for a username and password, or even a credit card number to use to bill you. Some of the more secure networks will ask you to provide authentication information more directly. I have seen muni...

Ollie Whitehouse | 29 Aug 2007 07:00:00 GMT | 0 comments

Yes this could be a 500 page book, but I’m going to try to present the future of security in fewer than 1,200 words.

Up to now in this anniversary series, my fellow Symantecites have been discussing what has happened over the past 25 years around security and how Symantec and the industry have grown to meet these challenges in a number of areas, from malicious code and vulnerabilities through to modern day threats such as phishing. We’ve come from a world of floppy disks and modems into a world so connected and converged that few of us could have imagined how it would have become so in such a short time. The rate at which technology has evolved and been adopted has, at times, left security analysts scrabbling to catch up – which, in turn, has created significant risks.

First a little history: I’m one of the many people who came to work for Symantec via acquisition. I used to work for @stake in Europe for a number of years before the acquisition as a...

Zulfikar Ramzan | 28 Aug 2007 07:00:00 GMT | 0 comments

Michael Dolan, a phisher who targeted AOL over the course of five years, recently pleaded guilty to two criminal counts that the U.S. attorney's office brought against him. The first count was a conspiracy to commit fraud and the second count was aggravated identity theft.

Dolan's "career" spanned from 2002 to 2006 and mostly involved getting victims to install a Trojan program that would prevent them from logging into their AOL account without providing additional sensitive information like credit card and Social Security numbers. When caught, he had private and financial information for 96 individuals.

On the one hand, I think this is a great victory for the Department of Justice. I believe that legal actions are one of the important channels we need to consider when addressing the problem of phishing. After all, phishing is ultimately a financial crime, and to the extent that we can make it more risky and less profitable, we can substantially reduce instances of phishing.

...
Ollie Whitehouse | 27 Aug 2007 07:00:00 GMT | 0 comments

Recently I bought a NAS (Network Attached Storage) solution for home to manage backups for the ever increasing number of storage devices we all seem to be accumulating. I did as most people would and selected a consumer solution from a well-known brand. The brand name on the box, as is not unusual in this day and age, was not the actual developer of the underlying reference design. Instead the system was developed by a third-party, including the controller and remote management software, which was subsequently modified to support some proprietary LEDs and gave the company license to slap their logo on it by the name on the box.

Anyway, this solution was built using GPL software components (Linux, Lighttpd and Perl among others); the vendor and original OEM abided by this license and released all the code on their site (including configurations). I did some digging around and was somewhat dismayed to discover that this product had a number of significant security issues. These...

Ollie Whitehouse | 24 Aug 2007 07:00:00 GMT | 0 comments

Here is a short update to bring this latest chapter in Vista’s security fairytale finally to a close.

On Monday the 13th of August, ATI patched their Catalyst drivers to resolve the vulnerability that PurplePill exploited. ATI should be commended for the speed and agility with which they responded to the issue, although one has to wonder if Microsoft had a hand in this.

It’s still not clear on how they are going to deal with the distribution of this update (there's some conjecture around using Windows Update) and revocation of the old driver. Patching it is one thing, but...

Joshua Talbot | 24 Aug 2007 07:00:00 GMT | 0 comments

With the dawn of networked computing, users were granted on-demand access to their data and computing infrastructure. The gained connectivity, of course, led to an increased exposure to attacks. Attackers no longer required any physical access to the machines or to the portable media. Establishing a connection to the network (PSTN, Tymnet, DATAPAC or the Internet) and knowing the target’s network address accomplished the same task remotely—thus beginning the information arms race between the attackers and the administrators. While one side was gathering information for gaining access and circumventing restrictions, the other was trying to patch vulnerabilities and protect their assets.

During this time, factions began to...

Nicolas Falliere | 23 Aug 2007 07:00:00 GMT | 0 comments

The latest variants of Peacomm, detected as Trojan.Peacomm.C (or proactively, as the usual Trojan.Packed.13), have introduced some interesting changes in the way they infect a machine.

As was written in a previous blog entry, Peacomm spam entices users to visit a Web page containing a link to a file applet.exe. This Web page also embeds an obfuscated JavaScript routine that tries to exploit a Windows Media Player vulnerability, in case the user decided – very wisely – not to download and run the so called “Secure Login Applet”. If the vulnerability is exploited successfully, a small file will be downloaded on the compromised machine, which will in turn download applet.exe. Both files are detected as Trojan.Packed.13.

When...

Ken Gonzalez | 23 Aug 2007 07:00:00 GMT | 0 comments

Over the past twenty-some years, ITIL® (IT Infrastructure Library) has gone from just another good idea to the development of a major movement within the IT universe. The version that most people know today as ITIL (often referred to as ITIL v2), is defined within the two Office of Government Commerce (OGC, U.K.) publications – Service Delivery (the “Red book”) and Service Support (the “Blue book”). In these publications the 10 core ITIL processes and Service Desk functions are described in (more or less) self-contained blocks. In this world, things were relatively simple. Process areas roughly mapped on to how many organizations could structure their job roles and thus make parts of the framework operational relatively quickly. As a result, many organizations adopted ITIL as their framework of choice and in a very real...