By Robert Lemos
Posted on ZDNet News: Jul 28, 2004 6:11:00 PM

LAS VEGAS--It's mostly bad news for network administrators at this year's Black Hat Security Briefings: Increasingly, attackers are using better tools to find vulnerabilities quickly, exploit flaws and hide their attacks.

While some security experts point to zero-day exploits--code that takes advantage of previously unknown vulnerabilities--as a growing threat, a greater number are stressing the danger of online attackers' ability to quickly turn around attack code by analyzing the patch issued to fix the problem.

"Within a day, you can take a patch, find a problem, and produce an exploit," said Jeff Moss, the founder of the Black Hat Security Briefings, which kicked off Wednesday. "If a patch is released one day and an exploit comes out the next day, that doesn't leave companies much time to see to their security."

Several security companies, including Symantec and VeriSign, have noted that anecdotal evidence indicates that the code needed to take advantage of a specific flaw increasingly follows closely after the first details of the vulnerability are released. Security researchers at the Black Hat conference point to the increased usage of tools designed to reverse-engineer patches as the cause of the trend.

The accelerating creation of attack code means that companies have to be prepared to patch much more frequently, or find ways to secure their computers against attacks that use the latest flaws.

"Administrators can't wait for the next quarterly patch anymore," said Paul Watson, an information security specialist for Rockwell Automation and the author of a paper on basic network flaws. "Companies used to do it once a year--you would go out, get the patch bundle and apply it. You do that now and you are dead." Watson learned about incident response when he released information about a pervasive network flaw earlier this year.

The creator of the Slammer worm gave network administrators six months to patch their systems before releasing the worm in January 2003. The Sasser worm appeared in April 2004, three weeks after the vulnerability that allowed it to spread was made public. And the Witty worm hit a mere two days after the flaw in a security product that allowed it to spread was made public.

Security companies and software makers hope to erect digital defenses to give their clients a respite from repeated patching.

On Monday, eEye Digital Security announced a new product, Blink, that acts as a shield for computers against quickly materializing threats. In the same way that antivirus software can halt computer programs from spreading to a victim's computer, intrusion prevention software such as Blink can stop incursions from worms and remote-attack software.

Microsoft will also do a lot to bolster unpatched systems against new threats when it releases Windows XP Service Pack 2 in August. The security update from the software giant will enhance the firewall and add security features to make it more difficult for attackers to exploit flaws. Those two features will make it significantly harder to attack Windows systems, said David Litchfield, founder and managing director of Next-Generation Software Security, a British company.

"Hopefully, the day of the Windows network worm is over," Litchfield said. "It is not going to be foolproof, but in terms of getting it more secure, it will go a long way."
