Privacy, Security Archive

The security guys at Microsoft are posting about how MS SQL 2005 didn't had any security vulnerabilities at all (you can check Secunia to confirm it). The secret? Apparently, like in other products (no, IE is not part of those products, its core is 5 years old after all), the real difference has been in that they've applied the "Security Development Lifecycle".

Earlier this year, stealth malware researcher Joanna Rutkowska created a stir at the Black Hat Briefings when she demonstrated a way to infect Windows Vista with a rootkit and introduced Blue Pill, a new concept that uses AMD's SVM/Pacifica virtualization technology to create '100 percent undetectable malware'. In this interview with eWEEK senior editor Ryan Naraine, Rutkowska talks about her interest in computer security, the reality of stealth malware threats, the risks associated with hardware virtualization and why the anti-virus industry comes up short.

"The security industry and trade press have directed a lot of attention toward the 'Zero-day attack', promoting it as THE threat to guard against. According to the marketing hype, the Zero-Day attack is the one that you should most fear, so you must put in place measures to defend your organization from it. The Zero-Day threat is born the moment a vulnerability is publicly announced or acknowledged. But what about the period of time that the threat existed before being announced. At StillSecure we call this class 'Less-Than-Zero' threat. In this two-part series I'll examine this Less-Than-Zero threat, compare it to the Zero-Day threat, and discuss ways to protect yourself from Less-Than-Zero attacks and vulnerabilities for which patches, signatures, etc., do not yet exist."

Softpedia posted today a small review of three anti-virus software that are free to use, complete with screenshots. Consider using Microsoft's or Adaware's anti-spyware utilities too to keep your XP healthy.

pfSense is a open source firewall derived from the m0n0wall operating system platform with radically different goals such as using OpenBSD's ported Packet Filter, FreeBSD 6.1 ALTQ (HFSC) for excellent packet queueing and finally an integrated package management system for extending the environment with new features. pfSense version 1.0 was released today.

Computer code that exploits a flaw in Apple's Mac OS X was released over the weekend. The code takes advantage of a weakness in core parts of Mac OS X and could let a user gain additional privileges. Apple provided a fix for the error-handling mechanism of the kernel last week, but the exploit appears to have been authored before then. "It appears to have been written well before the vulnerability was fixed," said Dino Dai Zovi, a researcher with Matasano Security who was credited by Apple with discovering the flaw when the patch was released. Obviously anything but spectacular (since it's fixed), but it does raise the age old question: will the growing popularity of both Linux and OS X lead to more of these exploits-- possibly one that does get released 'in time'?

Symantec has previously complained that Vista's PatchGuard kernel-protection technology might limit Symantec's ability to protect the kernel with its own software. But what do other security vendors think? Yesterday Sophos' Ron O'Brien told BetaNews that "Nothing about the way PatchGuard works would hinder Sophos' architecture for an enterprise security suite. In fact, he argued, if Microsoft wants to use its own methods to close off the kernel, that's a good thing."

"The goal of this howto is building a NFS server that works on an SSH tunnel. This way all traffic between your hosts and the file server is encrypted and thus more secure. Normally you should enter a password every time you try to establish a SSH connection but since we could be mounting at bootup we will use ssh-keygen to create a keypair so we can login without entering a password. We will, however, limit that login session to executing just 1 command."

"This article shows how to install and run OSSEC HIDS, an open source host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting, and active response. It helps you detect attacks, software misuse, policy violations, and other forms of inappropriate activities."

"Is Browser Security getting better? That is tough to say but Firefox is definitely not leading the way. Despite all the hype, despite all the Myths, Firefox 1.x has a worse security record so far in 2006 than Internet Explorer 6.x."

Consumers now are getting more for less of their money when they buy security software. Microsoft's entry into the consumer security software arena in late May has made PC protection cheaper, according to data from The NPD Group. At the same time, security products are becoming more comprehensive, analysts said.

IT professionals need to strike a balance between user freedom (such as letting them install any app they want) and keeping a predictable and safe computing environment. Several network admins give their advice about the best way to find and maintain that balance - with tech tips for each operating system.

"Blue Pill is the prototype resulting from a security study made by Joanna Rutkowska, which took advantage of new virtualization capabilities of AMD processors (known as SVM and previously as Pacifica) to inject a rootkit in a running Vista operating system. Ms Rutkowska claimed a malware using this method is undetectable. Virtualization.info met Anthony Liguori, Software Engineer at IBM's Linux Technology Center, and, most of all, one of the men behind the Xen hypervisor, to finally debunk the Blue Pill undetectabiliy myth."

"You've probably heard of full disclosure, the security philosophy that calls for making public all details of vulnerabilities. It has been the subject of debates among researchers, vendors, and security firms. But the story that grabbed most of the headlines at the Black Hat Briefings in Las Vegas last week was based on a different type of disclosure. For lack of a better name, I'll call it faux disclosure. Here's why."