IT Security & Network Security News & Reviews - eWeek



IT Security & Network Security

The New Attack Pattern


By: Larry Seltzer
2006-12-10
Article Rating:starstarstarstarstar / 0


There are  user comments on this IT Security & Network Security News & Reviews story.



  Table of Contents:
  1. The New Attack Pattern
  2. ' Vulnerabilities for Hire '

Opinion: Danger still lurks, but things have gotten a lot better for the average computer user.

The New Attack Pattern - ' Vulnerabilities for Hire '
( Page 2 of 2 )

Roger Thompson, who built PestPatrol and is now doing other work in testing and development, recognized the pattern a year ago with the WMF vulnerability: Black hat researchers develop new vulnerabilities and sell them to exploiters with an embargo date, meaning they cant be used before that date, which is probably on or shortly after patch day.

To quote Roger:

...what really happened in 2005 was that the Bad Guys got down to business. They dont want to bring the Internet to its knees anymore, they just want to farm it and expand their networks. I think the cleverest of them, the CoolWebSearch gang, have stopped combing the security mailing lists for vulnerability announcements, and have started advertising to buy 0-days "Why give your 0-days up for free? Sell them to us and make money."

In 2006 the most prominent of these vulnerabilities have been in Microsoft Office applications. There have been scores of other vulnerabilities in less-important programs, and perhaps some of these were for hire as well. If youre going to target a small number of networks, an obscure program might be adequate.

There are some important caveats about these vulnerabilities: They are usually addressable by anti-virus programs without a patch of the underlying vulnerability, and they almost always require a social engineering breach to get through.

The anti-virus protection is generally not valuable to the victims of the "very limited, targeted attacks" this is why so many experts have been grumbling about the "death" of the signature-based AV approach lately. But it is valuable to the rest of us because it limits the effective life span of the attacks. And there are many products that attempt to block unknown attacks through a variety of approaches.

The social engineering aspect is an unfortunate constant in security. If you can fool people into performing dangerous actions, you can gain at least some level of access. And when youre targeting a small number of networks, its not hard to imagine an e-mail spoofed to look like its coming from some senior exec to other addresses scraped off of the companys Web site. Its probably not hard to get through to at least a few users. Even so, its still not clear how many of the attacks are successful.

Many experts think its too late to stop botnets. Click here to read more.

So there are still problems, but your likelihood of being attacked has gone down. Your ability to defend yourself has also gone up. You can expect things to change over the next year, as they always do, to adjust to conditions. For instance, if the "patch day=zero day" pattern continues, Microsoft may have to adjust its strategies.

Perhaps patches could move to a more frequent schedule. My moneys on a general tightening of policies to block attacks.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at larryseltzer@ziffdavis.com.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.








 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Larry Seltzer
 


FEATURED SPONSOR VIDEOS

Benefits of Workload Optimization

What Smart Companies MUST Learn from Gaming

Advances in Authentication

Vertical Markets Benefit from Workload Optimization

View More Videos

Brought to you by
Advertisement

FEATURED SPONSOR MESSAGE

Microsoft Sponsored Resource Center

Increase Your Microsoft Office 365 Knowledge! Dig inside this suite of cloud-based collaboration tools.

Watch the video >>

Brought to you by

Suggested Related Content:

Articles Labs/How-To Multimedia


Advertisement
Contact Us | About | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Networking
Network Security
Infrastructure Security
How To: Data
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows 7
Managed Print Services
Computer Reviews
Microsoft Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Apps & Development:
Application Development
Enterprise Apps
Search Engines
Database Software
Web 2.0
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Videos
Magazine Subscriptions
Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Web Buyers Guide
Developer Websites:
DevSource C# and .Net
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Windows Migration
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
ZDE Cluster 11
 
Close this advertisement