There was plenty of talk about the latest threats at the RSA Conference in San Francisco this past week. Here are a few of the highlights discussed at the show.
The RSA Conference is much more
vendor-driven than shows such as Black Hat and ShmooCon, but there is always
room for talk about security vulnerabilities and threats
in the wild.
This year, discussion
of the threat landscape
touched on everything from browser hijacking to
wireless security to attacks on VOIP (voice over IP). More than one presenter
during the conference spoke of the idea of assuming that computers in your
network have been compromised.
In fact, in one presentation, Ed Skoudis, senior consultant for InGuardians,
and Johannes Ullrich, chief research officer of the SANS Internet Storm Center,
outlined a number of attacks targeting enterprise networks.
Among the attacks the two highlighted was the well-known "pass-the-hash"
technique, a method used to compromise machines by checking a user's
cryptographic hash instead of their password. The duo also highlighted attacks
on VOIP as well as how hackers can infect Windows machines through drive-by
downloads, turn on their wireless interfaces and use them in attacks from long
distance without using radio frequency.
While the latter is difficult to execute in Windows XP, Skoudis said the API
in Vista and Windows 7 makes it "relatively easy" to
write code that talks to the wireless interface. Organizations can defend
against these attacks by using two-factor authentication on their WLAN (wireless
LAN) and separating the wireless and wired
networks through VLANs (virtual LANs) or separate physical networks, he added.
are bots installed
in most enterprises," Skoudis declared. "My point here
is instead of spending 90 percent of your security budget on prevention, take
some of that-not a large amount of it, but take 5 or 10 percent of it-and
rededicate it to identification and eradication. Find the bad guys in your
midst and root them out. The fact of the matter is, if you do that, that should
help you with your prevention in the first place because you are limiting the
bad guys' ability to stay hidden and act in your network."
The concept of browser hijacking also received attention at RSA.
David Barruso, e-crime director at S21sec, noted that browser hijacking is
being done by three main malware families. Typically, users are affected by
drive-by downloads, he said.
"There are many banks affected by [this]," he explained after his
To mitigate this, users should make sure their browsers and programs are
fully patched, as well as utilize anti-virus, he advised.