There are many sources of news and information regarding information security, in fact far too many. Thus, we are forced to be selective about which ones we read faithfully, which ones we merely scan for headlines, and which of the many we simply ignore lest we fail to complete our primary duties. One source that has proven reliable and informative to me has been the “DHS Daily Open Source Infrastructure Report”. However, even it is too much for most of us because of its comprehensive coverage, which goes far beyond our scope of responsibility and/or influence upon the industry in which we work.
The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Weekly Summary
Could it happen here? How will you deal with it?
35. May 21, IDG News Service – (International) DNS attack downs Internet in
parts of China. An attack on the servers of a domain registrar in China
caused an online video application to cripple Internet access in parts of the
country late on May 20. Internet access was affected in five northern and
coastal provinces after the DNS (domain name system) attack, which targeted
just one company but caused unanswered information requests to flood China’s
telecommunications networks, China’s IT ministry said in a statement on its Web
site. The incident revealed holes in China’s DNS that are “very strange” for
such a big country, said the head of Kaspersky’s Virus Lab in China. Internet
access returned to normal in the late night several hours later, according to
the government statement. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9133376&taxonomyId=17&intsrc=kc_top
Does your business depend upon mobile devices? If so, you had best keep pace with the following!
38. May 26, National Science Foundation – (National) Viral epidemics poised to go mobile. While
computer viruses are common, there have been no major outbreaks of mobile phone
viral infection, despite the fact that over 80 percent of Americans now use
these devices. A team headed by the director of the Center for Complex Network
Research at Northeastern University set out to explain why this is true. The
researchers used calling and mobility data from over six million anonymous
mobile phone users to create a comprehensive picture of the threat mobile phone
viruses pose to users. The results of this study, published in the May 22 issue
of Science, indicate that a highly fragmented market share has effectively
hindered outbreaks thus far. Further, their work predicts that viruses will
pose a serious threat once a single mobile operating system’s market share
grows sufficiently large. This event may not be far off, given the 150 percent
annual growth rate of smart phones. This study builds upon earlier research by
the same group, which used mobile phone data to create a predictive model of
human mobility patterns. The current work used this model to simulate Bluetooth
virus infection scenarios, finding that Bluetooth viruses will eventually
infect all susceptible handsets, but the rate is slow, being limited by human
behavioral patterns. This characteristic suggests there should be sufficient
time to deploy countermeasures such as antiviral software to prevent major
Bluetooth outbreaks. In contrast, spread of MMS viruses is not restricted by
human behavioral patterns; however, spread of these types of viruses is
constrained because the number of susceptible devices is currently much
smaller. Source: http://www.usnews.com/articles/science/2009/05/26/viral-epidemics-poised-to-go-mobile.html
Are you prepared for another worm attack?
28. May 25, SiliconRepublic.com – (International) ‘Gumblar’ virus could be bigger
than Conficker worm. A new malware virus is on the loose and within days
has become accountable for half the malware on the web. It is particularly
vicious because it targets Google users in particular. The worm, also known as
JSRedir-R, attacks computers through vulnerabilities in Adobe PDF reader and
Flash player. By last week, more than half of all malware found on websites was
identified as Gumblar, with a new webpage infected every 4.5 seconds. The worm
redirects the user’s Google search results to sites that download more malware
onto the machine or allow criminals to conduct phishing attacks to steal login
details. It has begun to spread on sites where passwords or software have been
previously compromised and visitors are infected without realizing it. It is
believed the malicious worm draws its code from a webpage based in China. Once
cybercriminals are in possession of a victim’s FTP credentials, any sites that
the victim manages can also be targeted for compromise — a common malware
propagation tactic, said IT security firm ScanSafe. Source: http://www.siliconrepublic.com/news/article/13025/cio/new-worm-to-rival-conficker
And you thought Twitter usage was harmless!
35. May 26, ZDNet – (International) Twitter API ripe for abuse by Web
worms. A security researcher is warning that the Twitter API can be
trivially abused by hackers to launch worm attacks. The red-hot social
networking/microblogging service has been scrambling to plug cross-site
scripting and other Web site vulnerabilities to thwart worm attacks but, as a
researcher points out, it is much easier to misuse the Twitter API as a “weak
link” to send worms squirming through Twitter. The researcher, well-known for
his research work on browser and Web application vulnerabilities, draws
attention to the fact that a single vulnerability on any of the third-party
services (Twitpic, etc.) that use the API can trigger the next Twitter worm.
Source: http://blogs.zdnet.com/security/?p=3451