I wish it were easier to do information security than it is. I wish there were a way to make it all go away. But until there is, which is never, there really does have to be a deep, serious and universal commitment from all concerned to ensure violations are limited and systems secure.
Ian Melamed, chief technology officer, SatelliteSafe
Where viruses are concerned, the motto has to be: "Can you afford to send your clients a virus?" For, if you cared enough not to compromise your clients, you would from that starting point architect your anti-virus defences so as to prevent the embarrassing array of incidents that have entered the public domain.
Last week I reported on audiovisual giant Pioneer sending its customers a virus; now we have the grand-daddy of all software companies, Microsoft, sending 26 of its support customers the FunLove virus. It did so through one of the servers it uses to post bug fixes and patches.
The contamination lasted from 19 to 20 April, and Microsoft confirmed the virus had been passed on to the networks of some of its top customers as many as 170 times!
FunLove infects machines running Windows by posing as a system program, and it automatically spreads itself via shared hard drives.
While none of this reflects well on Microsoft - as with the violations we've seen in previous weeks - the situation is very much bigger than just Microsoft. One of the main problems of virus control is the lack of control on outgoing messages. Enforcing the ISO 17799 standard for Information Security Management is a MUST in our e-mail/e-commerce environment.
* It's never been easier to be a cracker. IT vendors and system administrators don't do their homework, leaving systems wide open; and there is a massive underground network of people developing widely available hacking and cracking tools. The latest is SMBRelay; it exploits a well-known flaw in Windows NT and Windows 2000 to hijack NetBIOS connections. Such tools are commoditising the issue of cracking, effectively taking it into the mainstream, and that has to be appallingly bad news. SMBRelay, created by Sir Dystic of the Cult of the Dead Cow, insinuates the attacker between client and server; it collects the client's authentication data, terminates the client's connection to the server and establishes a new connection of its own using the client's credentials. It takes advantage of a flaw in the Server Message Block protocol used by NT and Windows 2000. This is just one of many new hacking and cracking tools to hit the Web, and what is clear is that a hacker freeware community has arisen to give anyone with the inclination the power to wreak havoc. Add home-based broadband connections, limitless computing power and thousands of IT layoffs with time on their hands and you have the potential for disaster. You have been warned!
* And proof that Eastern Europe is producing some of the best hackers in the world - a group of four Polish hackers has won $50 000 in a hacking challenge at London's Olympia, a day before the show officially opened. They beat a system which had resisted the best efforts of hackers for three years. The Polish group, LSD (Last Stage of Delirium), cracked the system by exploiting "a hitherto unknown vulnerability of Solaris X86". UK company Argus Systems, together with German security firm Articon Integralis and Fujitsu-Siemens, had set up a secure server with its PitBull security system on an X86 system running Solaris 7.
* The power of bogus claims on the Internet has been graphically demonstrated again with the claim on a French Internet site that Miss France, Elodie Gossuin, was born a man! It's soured the Miss Universe pageant, and adds a mean twist to a competition that has had to endure many a claim, including pregnancies and under-age contestants. Naturally, Mademoiselle Gossuin and the pageant officials are denying the claim.
* They're getting smarter all the time. From Canada comes the news that a hacker who goes by the name of K2 has created a polymorphic program that in turn hides the tiny programs hackers use to crack system security. By continually altering the code of the attack software, the technique foils intrusion detection systems that use pattern recognition to detect attacks. This is potentially a technique for keeping hacking exploits constantly fresh and new.
* From the UK's Defence Evaluation and Research Agency (DERA) comes news of an innovative approach to e-mail viruses: instead of monitoring what comes in, it tries to limit what goes out. DERA claims for itself the invention of radar, LCDs, carbon fibre and flat panel speakers, so its anti-virus claims deserve a hearing. DERA's product, ::Mail, would alert you and ask for verification every time you send out an e-mail, thereby preventing the spread of I Love You or Anna Kournikova. You would be infected, but no one else. However, the system has come in for scorn, as anti-virus vendors point out that newer-generation viruses such as W32/Magistr-mm can already bypass this mechanism.
(Sources: Silicon.com, CNet, Hacker News Network and MSNBC.)
* Ian Melamed is chief technology officer of SatelliteSafe.