antiworm

In a simple demonstration, a hapless team discovers the truth. "Your server is vulnerable. It's already been cracked. Oh, and by the way, it's already distributing malware for a botnet." A Big Case of Oops! Attitude of management in many organizations is one of the biggest barriers to improved security on the internet. People simply don't want to believe that their systems are vulnerable. Denial is pervasive, and affects organizations from the biggest of the Fortune 500 or Federal government agencies, down to modestly sized companies, local governments, and non-profit corporations. The attitude of the unnamed client described at the "Following the White Rabbit" blog (link above) is all too common. I suspect that an underlying cause is that people want to believe several things that worked pretty well from an evolutionary perspective, but don't work very well on the internet. When everybody around is a bunch of cave dwellers, consumed entirely with...

That didn't take long, did it? Apparently Microsoft released their "out of band" patch in a hurry because they had already seen exploits "in the wild" for this defect. They guessed a worm couldn't be far behind, and they were right. Gimmiv: New worm feeds on latest Microsoft bug The cycle of patching will never fix this problem. If you are a CIO or manager of an enterprise or government network which has been hit by new worms this week, contact Intrinsic Security to discuss FireBreak AntiWorm. Worms are detected instantly and trapped without signatures.

Microsoft plans to issue an "out of band" patch today, e.g. a patch released on a day other than "Patch Tuesday". Microsoft Security Bulletin Advance Notification Thw defect, which hasn't been publicly described just yet, apparently exists in every version of Windows that anyone who is likely to patch anything actually uses: Windows 2000, Windows XP, Windows Server 2003, Windows Server 2008, and Windows Vista. Microsoft describes this update as "critical" which means they know it can be remotely exploited without user intervention (and without exploit chaining, which they don't yet consider to be critical.)

The flaws discovered in DNS recently by Dan Kaminsky have existed for years. He linked several of them together, a concept known as " exploit chaining " to reveal a much more serious flaw. His technique makes it possible to hijack and misdirect a user's web browser to a malicious web site, even in cases where the user types the correct URL. ' That, of course, completely makes a fool of Verisign's Ken Silva, chief technology officer, who's been running around to the press saying irresponsible if not utterly foolish things like: "We have anticipated these flaws in DNS for many years and we have basically engineered around them." Kudos to Mr. Kaminsky, for working in private with the major vendors of DNS server software, who had patches ready to go before the flaw was announced. This kept the script kiddies from having a field day with the vulnerabilities, which were endemic to nearly all DNS servers. Apparently there remain some issues not yet addr...