Guide to Scary Internet Stuff

Finally, some help with explaining internet security to my non-geek friends! The Guide to Scary Internet Stuff video series will hopefully make my life a little easier. Explaining the intricacies of Internet security is a challenging task. I often have difficulty explaining to my non-technical friends and relatives why they need to know about risks on the Internet. On top of that, I sometimes discover that my advice has fallen on deaf ears as I inevitably fix their computers after a click on a spam or phishing link, or after they have not run Windows Update or updated their antivirus software in a while.

Although this is not the normal technical type of material that we post here on the Security Response blog, when Dominic Cook from our UK PR team showed me these, I immediately thought they were worth a post. The animations are fun, but most of all I think my friends will understand them, remember some of the advice, and hopefully be safer online after watching them…although that remains to be seen

The videos cover all sorts of topics—from botnets to viruses, and everything in between. Have a look for yourself and see what you think, and subscribe to the channel to be notified when new videos are available. Or if you find yourself in my shoes, pass on the videos to those friends and family who you think could benefit from them.

Source:
http://www.youtube.com/user/SymantecEduc

Posted in Internet, Privacy, Security | No Comments

Most security products fail to perform

Nearly 80 percent of security products fail to perform as intended when first tested and generally require two or more cycles of testing before achieving certification, according to a new ICSA Labs report. The “ICSA Labs Product Assurance Report” – co-authored by the Verizon Business Data Breach Investigations Report research team – details lessons gleaned from testing thousands of security products over 20 years.

The report found the number one reason why a product fails during initial testing is that it doesn’t adequately perform as intended. Across seven product categories core product functionality accounted for 78 percent of initial test failures. For example, an anti-virus product failing to prevent infection and for firewalls or an IPS product not filtering malicious traffic.

The failure of a product to completely and accurately log data was the second most common reason. Incomplete or inaccurate logging of who did what and when accounted for 58 percent of initial failures.

The report findings suggest that logging is often considered a nuisance and undervalued. According to the report, logging is a particular challenge for firewalls. Almost every network firewall (97 percent) or Web application firewall (80 percent) tested has experienced at least one logging problem.

Source:
http://www.net-security.org/secworld.php?id=8506

Posted in Hardware, Internet, Networking, Privacy, Security | No Comments

Researcher busts into Twitter via SSL reneg hole

A Swiss grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer protocol.

The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. When the flaw surfaced last week, many researchers dismissed it as an esoteric curiosity with little practical effect.

For one thing, the critics said, the protocol bug was hard to exploit. And for another, they said, even when it could be targeted, it achieved extremely limited results. The skepticism was understandable: While attackers could inject a small amount of text at the beginning of an authenticated SSL session, they were unable to read encrypted data that flowed between the two parties.

Despite those limitations, Kurmus was able to exploit the bug to steal Twitter usernames and passwords as they passed between client applications and Twitter’s servers, even though they were encrypted. He did it by injecting text that instructed Twitter’s application protocol interface to dump the contents of the web request into a Twitter message after they had been decrypted.

Source:
http://www.theregister.co.uk/2009/11/14/ssl_renegotiation_bug_exploited/

Posted in Internet, Networking, Privacy, Security | No Comments

New Flash Attack Has No Real ‘Fix’

Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash — and there’s no simple patch for it.

The attack can occur on Websites that accept user-generated content — anything from Webmail to social networking sites. An attacker basically takes advantage of the fact that a Flash object can be loaded as content onto a site and then can execute malware from that site to infect and steal information from visitors who view that content by clicking it.

“Everyone is vulnerable to this, and there’s nothing anyone can do to fix it by themselves,” says Michael Murray, CSO for Foreground Security, which today posted demonstrations of such an attack against Gmail, SquirrelMail, and cPanel’s File Manager. “We’re hoping to get a message out to IT adminstrators and CIOs to start fixing their sites one at a time.”

An attacker could upload malicious code via a Flash file attachment or an image, for instance, and infect any user that clicks on that item to view it. “If I can trick a system to let me upload anything, I can run code in any browser, and Adobe can’t fix this,” Murray says. “If I can upload a picture to a site and append it with Flash code to make it look like an image, once a user views that, the code executes and I can steal your cookies and credentials.”

The only thing close to a “fix” is for the Website to move its user-generated content to a different server, according to Michael Bailey, the senior researcher for Foreground Security who discovered the attack. Facebook already does this, he says, which makes the popular social networking site immune to hosting this type of attack.

Source:
http://www.darkreading.com/security/showArticle.jhtml?articleID=221700036&cid=RSSfeed

Posted in Internet, Security | No Comments

HookSafe Rootkit Protection

Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance.

The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that’s tightly locked down. The researchers, from Microsoft and the computer science department at North Carolina State University, plan to present their findings Thursday at the 16th ACM Conference on Computer and Communications Security.

The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6-percent reduction in performance benchmarks, making HookSafe “the first system that is proposed to enable large-scale hook protection with low performance overhead,” the researchers said.

Rootkits that rely on a method known as kernel object hooking involve modifying kernel data hooks. Because they are scattered throughout the operating system memory, and often co-mingled with other kernel data, they are generally hard to protect. Scientists have dubbed the problem the “protection granularity gap” because effective protection requires byte-level granularity while commodity computers allow only for protection at the much broader page level.

The researchers worked around this limitation by relocating almost 5,900 kernel hooks scattered across 41 physical pages to a page-aligned central location. They then used a “thin hook indirection layer to regulate accesses to them with hardware-based page-level protection.”

They tested the protected system against nine rootkits written for the Linux 2.6 kernel. Seven of them failed to install at all thanks to the memory protection, while the remaining two failed to hide themselves because of the hook indirection.

Source:
http://www.theregister.co.uk/2009/11/11/hooksafe_rootkit_protection/

Posted in Linux, Security, Software | No Comments