Sûnnet Beskerming Alert List Advisory #252
You are receiving this message because you have subscribed to our
Information Security Alert Mailing List, or have been selected for a
specific one-off copy. If you believe that you are receiving this
message in error, please contact
info@... to resolve the
error.
Why not upgrade to get same day notification on security threats?
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).
Why not go the next step and get delivery tailored just for your
company?
(http://www.beskerming.com/premium/focussed_advisory.html)
Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Microsoft (Multiple)
- Remote Hacker Automatic Control
- Time Since Discovery - 4 Days
1.2 QuickTime
- Remote Hacker Automatic Control
- Time Since Discovery - 3 Days
1.3 PostgreSQL
- Remote Hacker Manual Control
- Time Since Discovery - 4 Days
=======================================
/*
- Remote or Local - Can it be achieved through a network or does it
require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually
performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get
control of your system / website, will they prevent you from using
it, or will they steal data.
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 Does the new QuickTime 0-day mean Apple has Problems with Patching?
2.2 Ignorance is no Excuse
2.3 Ethical Boundaries in Information Security Research
=====================================
1. SECURITY
1.1 Microsoft (Multiple) - Remote Hacker Automatic Control
-- Products Affected --
Windows 2000, XP, 2003, Vista
-- Technical Description --
MS08-001 - TCP/IP. Arbitrary code execution. Replaces MS06-032. Critical.
MS08-002 - LSASS. Local arbitrary code execution and privilege
escalation. Important.
-- Description --
Microsoft delivered two patches as part of the January Security
Update release earlier this week. One patch (MS08-001) has been
rated as Critical and delivers a fix for a previously unknown set of
issues with the Windows TCP/IP stack, while the remaining patch deals
with poor input handling associated with the LSASS service. Both
patches address code execution problems, though only the TCP/IP
issues could be remotely executed.
-- Recommended Action --
All users and administrators should apply the updates at the
earliest opportunity.
-- Source --
http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
http://www.beskerming.com/premium/patch_pack.html
http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811
-- Updates Available --
http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-002.mspx
-- External Tracking Data --
CVE-ID: CVE-2007-0066 (MS08-001)
CVE-ID: CVE-2007-0069 (MS08-001)
CVE-ID: CVE-2007-5352 (MS08-002)
-- Threat Matrix --
              U   O
Home User    10  10 (Highly Critical)
Corporate    10  10 (Highly Critical)
1.2 QuickTime - Remote Hacker Automatic Control
-- Products Affected --
7.3 and prior.
-- Technical Description --
A new vulnerability appears to have been discovered with the RTSP
handling within QuickTime, despite the fixes provided with QuickTime
version 7.3.1.
According to Luigi Auriemma, the vulnerability is a buffer overflow
that can be exploited when the QuickTime media player is retrieving
information about the status of the current RTSP connection. At this
stage it appears that the vulnerability as tested in the proof of
concept only affects the Windows version of QuickTime, but it is
possible that the OS X version is vulnerable as well.
-- Description --
Luigi Auriemma has disclosed the discovery of a new vulnerability
affecting QuickTime's handling of RTSP streams. This issue may be
related to a previous RTSP vulnerability (updated with QuickTime
7.3.1, released in mid-December), but at this stage it appears to
only affect Windows QuickTime versions.
Proof of concept sample code is readily available from the discoverer.
-- Recommended Action --
For all users, it is recommended that they update to QuickTime 7.3.1
(if they haven't already). Early reports suggest that OS X users (at
least 10.5.1) are not vulnerable to this particular issue, but it is
recommended that all users apply caution when interacting with
rtsp:// streams.
-- Source --
Upgrade to view
-- Updates Available --
Upgrade to view
-- External Tracking Data --
Upgrade to view
-- Threat Matrix --
              U   O
Home User    10  10 (Highly Critical)
Corporate    10  10 (Highly Critical)
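The advisory gives two actionable rules for this issue: QuickTime "7.3 and prior" is listed as affected (update to 7.3.1), and all users are asked to treat rtsp:// streams with caution because no Apple fix for the new problem exists yet. The following script is an added example, not code from the advisory or from Apple, showing how an administrator might combine both rules into a triage pass over an asset inventory and an egress connection log. The inventory records, the log line format, the hostnames and the IP addresses are all constructed for the example; the only facts taken from outside the advisory are that TCP port 554 is the IANA-assigned RTSP port and that version strings must be compared numerically ("7.3" is older than "7.3.1", while a plain string comparison would also misorder "7.10" against "7.3").

```python
"""Triage helper for the QuickTime RTSP advisory (added example; not from
the advisory or from Apple).

Two defender checks are combined:
  1. inventory check - QuickTime "7.3 and prior" is listed as affected,
     so any host at or below 7.3 is flagged for update to 7.3.1;
  2. egress check - the advisory asks all users to treat rtsp:// streams
     with caution, so any host seen opening a TCP connection to port 554
     (the IANA-assigned RTSP port) is flagged regardless of its version.

All hostnames, IP addresses and log lines below are constructed.
"""
import re
from typing import Dict, List, Tuple

PATCHED_VERSION = "7.3.1"  # version the advisory tells users to move to
RTSP_PORT = 554            # default RTSP port used by rtsp:// streams


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.3' or '7.3.1' into an integer tuple padded to three parts,
    so that (7, 3, 0) < (7, 3, 1) and (7, 10, 0) > (7, 3, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def needs_update(version: str) -> bool:
    """True for every QuickTime version below 7.3.1 ('7.3 and prior')."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


# Constructed egress log format, one connection per line, e.g.
# 2008-01-11T10:02:13Z ALLOW tcp 10.0.0.12:51234 -> 203.0.113.5:554
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def rtsp_talkers(log_lines: List[str]) -> Dict[str, List[str]]:
    """Map each internal source IP to the RTSP servers it connected to.
    Malformed lines and non-TCP traffic are skipped."""
    talkers: Dict[str, List[str]] = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("proto").lower() != "tcp":
            continue
        if int(m.group("dport")) != RTSP_PORT:
            continue
        talkers.setdefault(m.group("src"), []).append(m.group("dst"))
    return talkers


def triage(inventory: Dict[str, Tuple[str, str]],
           log_lines: List[str]) -> Dict[str, List[str]]:
    """Return {hostname: [findings]} for hosts with at least one finding.
    inventory maps hostname -> (ip address, installed QuickTime version)."""
    talkers = rtsp_talkers(log_lines)
    findings: Dict[str, List[str]] = {}
    for host, (ip, version) in inventory.items():
        notes = []
        if needs_update(version):
            notes.append(f"QuickTime {version} is 7.3 or earlier: "
                         f"update to {PATCHED_VERSION}")
        for server in talkers.get(ip, []):
            notes.append(f"opened RTSP (tcp/{RTSP_PORT}) to {server}: "
                         f"review rtsp:// use")
        if notes:
            findings[host] = notes
    return findings


# Constructed sample data: four workstations and a few log lines.
SAMPLE_INVENTORY = {
    "ws01": ("10.0.0.12", "7.3"),    # affected and talking RTSP
    "ws02": ("10.0.0.13", "7.3.1"),  # current, plain web traffic only
    "ws03": ("10.0.0.14", "7.1.6"),  # affected, no RTSP seen
    "ws04": ("10.0.0.15", "7.3.1"),  # current but talking RTSP
}
SAMPLE_LOG = [
    "2008-01-11T10:02:13Z ALLOW tcp 10.0.0.12:51234 -> 203.0.113.5:554",
    "2008-01-11T10:02:40Z ALLOW tcp 10.0.0.13:51300 -> 203.0.113.9:80",
    "2008-01-11T10:03:02Z ALLOW udp 10.0.0.14:6970 -> 203.0.113.5:6970",
    "2008-01-11T10:03:15Z ALLOW tcp 10.0.0.15:51402 -> 203.0.113.5:554",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for host, notes in sorted(triage(SAMPLE_INVENTORY, SAMPLE_LOG).items()):
        for note in notes:
            print(f"{host}: {note}")
```

With the sample data, ws01 gets both findings, ws03 only the version finding, ws04 only the RTSP finding, and ws02 is clean. Flagging the up-to-date ws04 is deliberate: the advisory's Technical Description notes the new problem exists despite the 7.3.1 fixes, so RTSP use is worth reviewing even on patched hosts until Apple ships a further update.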
1.3 PostgreSQL - Remote Hacker Automatic Control
-- Products Affected --
PostgreSQL 7.3, 7.4, 8.0, 8.1, 8.2
-- Technical Description --
Various security vulnerabilities were patched in a set of updates
released for the PostgreSQL RDBMS platform. Five separate
vulnerabilities were patched across all versions from 7.3 through to
8.2.
The vulnerabilities range from a privilege escalation vulnerability
in the Index Functions, through to denial of service in regular
expression libraries, and privilege escalation in DBLink.
PostgreSQL 7.3, 8.0, and 8.1 have also been EOL'ed.
-- Description --
The PostgreSQL Global Development Group has released updated
versions of the PostgreSQL RDBMS, addressing several key
vulnerabilities affecting all versions from 7.3 through to 8.2. The
PostgreSQL developers consider these vulnerabilities to be critical
and strongly recommend that administrators update to the latest
versions as soon as possible.
PostgreSQL developers discovered the vulnerabilities during security
analysis, and have worked to ensure backwards compatibility for
existing data stores with the updated versions.
It should also be noted that PostgreSQL versions 7.3, 8.0, and 8.1
have been EOL'ed and it is recommended that administrators update to
current versions.
-- Recommended Action --
Update to the releases provided by the PostgreSQL development group.
-- Source --
Upgrade to view
-- Updates Available --
http://www.postgresql.org/ftp/binary/
-- External Tracking Data --
Upgrade to view
-- Threat Matrix --
              U   O
Home User     8   8 (Very High)
Corporate     8   8 (Very High)
=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================
2. NEWS
2.1 Does the new QuickTime 0-day mean Apple has Problems with Patching?
In the past Microsoft has been criticised for poor vulnerability
patching (by not patching the underlying vulnerability that is
causing a problem and then having to reissue patches as attackers
adjust and attack), and it is a criticism that has also been levelled
against Apple with the handling of different mDNSResponder
vulnerabilities. Recently disclosed vulnerability information
regarding another RTSP handling problem in QuickTime could be a sign
of a similar problem brewing. RTSP vulnerabilities were patched no
less than four times in the last twelve months (Security Update
2007-001, Security Update 2007-004, Darwin Streaming Server 5.5.5,
and QuickTime 7.3.1), and it seems that there are still opportunities
for remote code execution within the RTSP code handling routines.
A minor blessing with the latest vulnerability disclosure seems to be
that the vulnerability does not appear to affect the latest version
of OS X (10.5.1), at least according to early reports from third
party testers. It is known that there is partial exploit
functionality on the Windows QuickTime version, but with increased
attention sure to be focussed on the product it may yet be found that
the vulnerability can be extended to the OS X versions. As in the
past, it is recommended that users avoid RTSP data streams until
Apple is able to issue a patch for this latest problem.
2.2 Ignorance is no Excuse
After noted British television presenter Jeremy Clarkson took umbrage
at the massive outcry regarding the loss of personal records for 25
million UK residents he decided to prove that it was an over-reaction
(in his mind) by publishing his bank details in a newspaper column
that he writes. According to Clarkson, the worst that could be done
was that someone would be able to deposit money into his account.
Unfortunately for Clarkson, a reader was able to establish a £500
direct debit to a Diabetes charity, direct from his account. While
this should not have been allowed to take place (the bank should have
required correct proof of identity in order to establish the direct
debit), it was a wake-up call for Clarkson, who acknowledged the
misconceptions that he originally held and recognised that the loss
of personal data can have significant negative effects on those whose
data has been misappropriated.
It is rare to see such a public reversal of opinion on such a matter,
and it is likely to serve as a clear example to many about the risks
associated with the loss or mishandling of personal data.
While the incident is unfortunate, it highlights a problem with
the UK banking system. As Clarkson initially pointed out, all someone
should have been able to do would have been to add money to his
account, but the result showed that there is at least one UK bank
that is more than happy to allow money to be withdrawn from an
account without really validating that the account holder is the one
authorising the withdrawal. Some comments have gone as far as to
suggest that the financial industry is complicit in data theft cases
- being too ready to allow the withdrawal of a victim's financial
resources.
2.3 Ethical Boundaries in Information Security Research
With Information Security being such a broad field, without any
formalised coordinating or licensing body, appropriate boundaries for
ethical and professional behaviour and activity can be difficult to
determine. What is ethical to one researcher may be completely
inappropriate to another. What may be generally accepted as
appropriate behaviour at one point in time might be shown later to be
completely inappropriate.
When the burden of becoming the Information Security specialist falls
to people who have little idea of the issues within the field, it can
lead to further problems, as they attempt to reduce the problems and
issues that they face into a format that they recognise and
understand (which isn't always a bad thing - they just need to
recognise when that approach breaks down).
Unfortunately for the Information Security field, the strongest
supporters can also sometimes become the threat that they continually
warn about - a lot of the time completely by accident. The
development and limited release of proof of concept tools is often a
means to rapidly demonstrate a set of risks and aid in the
development of techniques to address them.
It was recently disclosed that one such tool, created by noted
Information Security firm eEye, has had its techniques morphed into
an attack tool by malware authors. In this particular case it had
taken two years for the proof of concept to be morphed into an attack
tool (or at least be publicly discovered).
While it is likely that the techniques would have eventually been
discovered independently, and there is no definitive proof that the
eEye tool was the basis for the new attack code, it does raise the
question as to how much assistance the publication of proof of
concept materials provides to attackers.
It can be argued that the previous example is more beneficial to the
field of Information Security than it is harmful, and that similar
examples are just as valuable. A less clear example has come to light
in recent days, with noted web security expert RSnake issuing a call
for entries in a contest designed to create the smallest XSS worm
that can functionally replicate itself across a network. Arguments
for the contest are centred on the benefits that it will bring to
those studying how such worms can be created and how to defend
against their potential. With increasing coverage of the contest,
there are plenty of arguments being put forward that the approach is
unethical and contributes to the image of Information Security being
full of people who are just as willing to create the problem as they
are to solve it (especially if they helped create it in the first
place).
That isn't the only ethical concern facing Information Security
workers. One of the big selling points that antivirus companies try
to beat each other on is the number of malware types that they can
detect and handle. Although there are plenty of examples of rootkits,
viruses, and other malware that can easily slip past up to date
antimalware defences, and there are plenty of cases where up to date
antimalware tools have gone off the rails or companies have
over-reported on critical problems (despite what some companies initially
claimed, the exploit code was not publicly released), companies are
still pushing to be number one in detection of numerous malware samples.
F-Secure recently laid claim to one of the largest detection sets, at
half a million distinct malware samples. Although this seems to
correlate to other industry reporting, the question posed is just how
many of those samples can truly be claimed as distinct malware. If
the same signature pattern will trigger on multiple variants, that
might only differ in where they send their malicious data or where
they report to, does it really mean that those variants are distinct?
It also seems that antimalware companies are more than happy to move
the boundaries of where they measure their malware from, and with the
inclusion of malware based on JavaScript, HTML, PHP, and which
targets those technologies, it means that their claims for numbers of
malware types detected can be massively increased. This is even more
beneficial for the antimalware companies as the change of a simple
couple of bytes in a lot of these recently added malware types will
allow them to slip past detection relatively simply without radically
changing the exploit effectiveness (which means more added detection
opportunities).
The other interesting point raised by the claims of detections is
that it suggests that efforts to arrest malware developers, close
down their control networks, and provide other legal and paralegal
means of limiting their activities are ineffective. Either that or
malware authors are the biggest growth industry in software
development and they have solved many of the efficiency problems
plaguing large software development firms.
As that is plainly not the case, and the legal efforts are starting
to have some effect on the various malware industries (the Russian
Business Network has effectively been forced offline in the last 12
months), it suggests that the antimalware companies are not being
completely honest in how they identify distinct malware samples.
=======================================
Sincerely,
Sûnnet Beskerming Team
info@...
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444
** Sûnnet Beskerming Pty. Ltd. **
Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist
and, in conjunction with the tools developed by Jongsma & Jongsma
Pty. Ltd., provides total security solutions and services, from the
perimeter to internal data stores, including web application security
and security testing and analysis.
_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com