Application firewall appliances: Defending servers from HTTP-based attacks
By Thomas Powell, Network World Lab Alliance
Network World,
To keep tabs on the emerging Web application
firewall market,
we recently reviewed two of the appliance-oriented offerings in
this market - Teros Secure Application Gateway 100SSL Version
3.1 and MagniFire WebSystems TrafficShield Version 2.5.


While other vendors, including Imperva, NetContinuum and Whale
Communications, were invited to participate, all declined for
various reasons. We tested software-based offerings - such as
those Kavado and Sanctum offer - last summer (see here).
It is clear after this - our second - round of Web
application firewall testing that these products are becoming
more capable of addressing application-level
exploits. However, the rough edges of these products mean it
will take significant time and effort by administrators and Web
developers to deploy a reasonable security
policy using them.
Teros 100 applies a nice blend of positive and negative
firewall model features that should be capable of protecting all
but the most sensitive applications. On top of its solid
security offering, features that address performance and content
safety make Teros 100 the Network World Clear Choice winner. More....
Worry, worry, worry, worry
By Mark Gibbs
Network World,
Worry No. 1: Last night I was researching songs
about the Earth for my son's fifth grade class. In the process I
found a Web site that caused my copy of Symantec's Norton
Anti-Virus to go into hysterics.
What Norton found was a threat that the company calls MHTMLRedir.
This is an interesting hacker exploit that, according to
Symantec, involves a Web page containing "specially
crafted, HTML code that can download and execute programs
without prompting you. This threat only affects Microsoft
Internet Explorer."
Symantec went on: "Under normal conditions, Internet
Explorer would prompt you before allowing any executable content
to be downloaded and executed on the system. This vulnerability
in Internet Explorer allows specially crafted HTML to bypass
this security prompt." More....
Cisco investigates source code leak
By Robert Lemos
Staff Writer, CNET
News.com
An unspecified amount of the proprietary source code that
drives Cisco Systems' networking hardware has appeared on the
Internet, the technology giant acknowledged early Monday. While
the company was investigating whether a breach had led to the
leak, a representative could not confirm whether network
intruders had made off with the software equivalent of the crown
jewels: some 800 megabytes of the networking giant's source code.
"Cisco is aware that a potential compromise of its
proprietary information occurred and was reported on a public Web
site just prior to the weekend," said Jim Brady, spokesman
for the company. "The Cisco information security team is
looking into this matter and investigating what happened."
Brady could give no further details on the matter.
The leak is the second time this year that a major technology
company's product source code has been made public without
authorization. In February, Microsoft's source code for parts of
Windows 2000 and Windows NT was leaked to the Internet. One
security researcher claimed that he had discovered a minor
Internet Explorer flaw by analyzing that source code. More....
Voice Over IP Can Be Vulnerable To Hackers, Too
Technology managers must remember that Internet telephony is subject to the same worms and viruses that threaten other networked systems.
By W. David Gardner, TechWeb News
As voice over IP sweeps across the high-tech landscape, many IT managers are being lulled into a dangerous complacency because they look upon Internet phoning as a relatively secure technology--not as an IP service susceptible to the same worms, viruses, and other pestilence that threatens all networked systems. "With VoIP," security specialist Mark Nagiel said Thursday in an interview, "we're inserting a new technology into an unsecured and unprotected environment. VoIP is essentially availability driven, not security driven, and that's the problem." But Nagiel, manager of security consulting at NEC Unified Solutions, said that there are measures that can be taken to protect voice over IP from the threats that confront Web telephoning.
More....
Phatbot arrest throws open trade in zombie PCs
By John Leyden, The Register
The arrest of the suspected author of the Phatbot Trojan could lead to valuable clues about the illicit trade in zombie PCs. The arrest of the alleged Phatbot perp was overshadowed by the unmasking of the admitted Sasser author, Sven Jaschan. But the Phatbot case may shed the most light into the dark recesses of the computer underground.
Phatbot is much less common than NetSky but is linked much more closely with the trade in compromised PCs to send spam or for other nefarious purposes. Viruses such as My-Doom and Bagle (and Trojans such as Phatbot) surrender the control of infected PCs to hackers. This expanding network of infected, zombie PCs can be used either for spam distribution or as platforms for DDoS attacks, such as those that many online bookies have suffered in recent months. By using compromised machines - instead of open mail relays or unscrupulous hosts - spammers can bypass IP address blacklists.
Phatbot has been used to spam, steal information or perform DDoS attacks, according to Mikko Hyppönen, director of anti-virus research at F-Secure. "You could do anything you wanted with it," he said. Phatbot is a variant of Agobot, a big family of IRC bots. Hyppönen said people were selling tailor-made versions of the bot for various illegal purposes.
More....
Crackers declare cyberwar on USA
Siegfried
Famous Brazilian newspapers have been informed that a new hacking group composed of worldwide individuals (from Brazil, China, Hong Kong and Russia) has declared cyberwar on the United States of America. Its name is Hackers Against America (HAA) and their web site is hosted on a Russian server. According to what is written on the main page, they plan to integrate new members and launch attacks against computers based in the US (cracking some of them but also using worms and viruses) in order to steal private documents. Some samples of documents and codes are available on the web site, although they don't seem to be secret at all and are possible to find by using search engines.
Even if this threat appears to be tiny now, it is probably not a hoax and it could grow in the future; just keep an eye on it.
Gartner warns of security risks in outsourcing
New Delhi, Deepika Global
Calling for caution
in outsourcing to low-cost countries, IT analyst firm Gartner has
said companies must identify and manage the security risks before
signing any offshoring agreement.
The key to successful and secure outsourcing agreements is
understanding the security and privacy risks for a business
process, application or technology function early in the
outsourcing decision process, said senior analysts at Gartner Inc.
''An enterprise's security staff should be at the table from the
start of the process and throughout the life cycle of the
outsourcing deal. The security staff should be included in the
operations management functions, working with the vendor's
delivery management staff, as well as the strategic planning
function where standards, architecture and integration decisions
are made,'' Gartner said. More....
'Whispering keyboards' could be next attack trend
By Niall McKay, Contributing Writer | SearchSecurity.com
OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by simply listening to the sound of a keystroke, according to a scientist at this week's IEEE Symposium of Security and Privacy in Oakland, Calif.
Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled "Keyboard Acoustic Emanations" presented Monday by IBM research scientist Dmitri Asonov.
All that is needed is about $200 worth of microphones and sound processing and PC neural networking software.
More....
Vulnerabilities