Category: Patches



A large amount of security information and news of recent attacks has been posted in the media.  We have Mandiant’s report on China as well as several issues concerning Java.  The sheer volume of information over the past year has made it difficult to keep up without a combination of sources.  As a result, InfoSecAlways has made a few modifications to the site.  Please check out the new “Security Feeds” in the right column (4th Block Down).  This is a combination of about 20 different security RSS feeds now piping into the blog.  You can check the site daily to get the latest news and updates in the industry.

Also, check out the links page as there are several new Threat and Vulnerability links added.  These are great if you are looking for specific attacks, breaches, or threats.

More on Mac Security


So it appears Gartner has something to say about Mac security too.  Here is an interesting article building on the Mac security issue.  It’s just a matter of time before a major attack hits the Mac platform.  Another interesting tidbit is that the article points out that “Mac’s generally have to be patched one at a time”.  Don’t get me wrong, using both Macs and PCs can be good if the overall strategy supports security, but the key here is not to have a false sense of security.

 

 http://news.yahoo.com/s/infoworld/20071228/tc_infoworld/94177;_ylt=AmF8ijFNlThIuDkLJJ6MHJEE1vAI


An article was recently published about the Army adding Macs to improve security.  Although diversifying vendors will usually make you more secure when it supports a defense-in-depth strategy, the article suggests a lack of knowledge or evidence behind the statements made on the Army’s part.

Article in Full:

http://news.yahoo.com/s/nf/20071224/bs_nf/57382;_ylt=AtIAHN4BI3dTDzpNM.n7xA8E1vAI

 

One statement in particular is worrisome: the Army security spokesperson is quoted as saying “Apple’s version of Unix is inherently more secure than Windows”.  Now I don’t claim to know all the facts, but if you look at the links provided below, Mac OS X falls behind in 2007, and in 2004 it has fewer advisories but remains comparable percentage-wise in the number of critical vulnerabilities.

 

2007 Stats:

http://blogs.zdnet.com/security/?p=758

2004 Stats:

http://www.techworld.com/security/news/index.cfm?newsid=1798

 

Fortunately, the article ends with a counterargument by Charlie Miller supporting the fact that the Army needs to step it up with more than Macs when it comes to security strategy.  He comments about Mac being “behind the curve in security”.  He also has a great reference: “In the story of the three little pigs, did diversifying their defenses help? Not for the pig in the straw house.”  On the other hand, diversifying is good if you use one product to back up the function of another product in the event one fails.  So even though the pig’s straw house was destroyed, if that third pig could get to the brick house it would still survive.


On strategic risk assessments, not testing anti-virus signatures before they are deployed should be considered a vulnerability.  Many of my customers believe this is ridiculous and not practical; however, I report it anyway.  Whatever the case, the decision to accept the risk belongs to the organization, as I am only there to point it out.  There is a great published example where a routine update caused serious problems, forcing customers to re-install the operating system.

 http://news.yahoo.com/s/zd/20071206/tc_zd/221141;_ylt=AhIN_X.SMrgYGlzdK7zmNe8E1vAI

So you decide.  Should anti-virus software be tested before deployment?


It’s about time!  Foundstone Professional Services has been added to the Avert Labs research blog.  So now the makers of all the free hacking tools are accessible online.  Check it out; there are already some great posts.

 http://www.avertlabs.com/research/blog/index.php/category/foundstone/

I’ve also added it as a Blogroll.


I could not help reading the Security 2.0 posts by Mark Curphey and I especially liked the Business Activity Monitoring discussion.  However, I see 2 major enemies that cause us pain every day and put organizations at great risk.  In my mind neither of these has been addressed properly.  

 

Enemy #1: Many internal penetration tests obtain the admin or root access by guessing passwords. 

Enemy #2: What do I say? Unpatched systems are an initial point of entry for many attacks both internally and externally.  Tools like Metasploit make it even easier.

   

Of course I’m not throwing out statistics, but I see the results firsthand weekly.  One can only hope that the Security 2.0 solution addresses the problems with passwords and patches.
