A recap of some of the major IT security news of the past week: Leading the way is a Pentagon official's discussion of America's cyber-security strategy and a 2008 incident he called the "most significant breach of U.S. military computers ever."
cyber-security was in the spotlight this past week when a senior Pentagon
official confirmed an infected flash drive caused the "most significant
breach of U.S.
military computers ever."
Deputy Secretary of Defense William Lynn III discussed
the 2008 incident
in an article for Foreign Affairs magazine.
"That code spread undetected on both classified and unclassified
systems, establishing what amounted to a digital beachhead, from which data
could be transferred to servers under foreign control," Lynn
writes. "It was a network administrator's worst fear: a rogue program
operating silently, poised to deliver operational plans into the hands of an
Lynn also discussed U.S.
cyber-security strategy, and called for public and private partnerships to
On the subject of threats, the number of exploits circulating for the .DLL
affecting scores of applications boomed during the
week. Accompanying the increase in available exploits were revelations about
some of the vulnerable programs, which include apps such as Adobe Photoshop and
Microsoft Word 2007.
Actually fixing affected applications does not appear to be overly
difficult, but the sheer number of vulnerable applications poses a challenge,
Marc Fossi, manager of research and development for Symantec Security Response,
told eWEEK. Raising awareness of among application developers is going to be a
major hurdle, he added.
"According to Microsoft, directly addressing this issue in Windows will
result in the loss of some expected functionality," he said. "As a
result, they are recommending that the onus be on application developers to fix
it. However, we encourage Microsoft to continue to look at ways to address this
issue from a higher level."
A new threat report from Symantec named Rustock the most dominant spam
botnet on the Web-a title it held despite a significant drop-off in the number
of bots under its control.
On the subject of spam, researchers at Sophos and IBM
noted an uptick of spam targeting users with malicious
zip file attachments
. Those who make the mistake of opening the attachments
have been hit with everything from Trojan downloaders to variants of the
infamous Zeus malware.
Researchers at IBM's X-Force also
released a sweeping
during the week that found the number of vulnerability disclosures
during the first half of the year shot up 36 percent compared with the first
six months of 2009. The total number of bugs disclosed during the period was
Leading the way with the most vulnerabilities was Apple, with Microsoft
coming in at No. 2 and Adobe Systems at No. 3.
"The leap in vulnerability disclosures relates to organizations taking
a greater interest in exploitable software bugs as well as attackers continuing
to develop their own infrastructure," Tom Cross, manager of IBM's
X-Force Advanced Research Team, said in an interview with eWEEK. "An area
that both whitehat and blackhat security researchers are focusing on is
automated vulnerability discovery through approaches such as fuzzing.
Predicting disclosure increases into the future is going to be tricky for this
reason, and we may see the occasional plateau or decrease."