How do you respond to a Zero Day notification?

OK, now how do you respond to an alert or warning issued by a mega company like Google?

Now couple this with: how do you respond to a State Sponsored attack? Oh heck, how about any attack on your network or infrastructure?

It seems that there is a Zero Day attack on Windows again. It allows a drive-by download through MS Internet Explorer. The problem lies within the XML Core Services framework that Windows relies upon.

But State Sponsored attacks? Many in the security field have been complaining about this logical progression for years. Some have awoken; some still have their heads in the sand.

I say logical progression; well, let's look at this for a moment. I did an ISO meeting with IBM and they asked me to speak on hacking and tools to help protect applications. I started off with a timeline, a logical progression.

  • Computers arrive on the scene.
  • People begin to play and find they can access all sorts of things (maliciously and "for the fun of it").
  • Birth of the term "hacker".
  • Companies and organizations lock down modem access.
  • Birth of the Internet: why dumpster dive anymore when script kiddies are overly abundant?
  • Servers and networks are left open. Birth of firewalls and gateways.
  • Servers are still open; birth of locking down the server by turning off non-required services.
  • Lock down the network and servers? OK, attacks begin through required ports (DNS, HTTP, HTTPS, SSH, SMTP, etc.).
  • More security brought in to inspect and lock down access further.
  • Application security is born because someone figured out a way to make applications do things they were not designed to do, such as grant access to the OS.
  • Tighten down access even more. Wait, did you just say outsource? Attacks escalate; I wonder why?
  • Tighten security and access more, making it much more difficult to break in. Birth of professional sponsored attackers and teams of attackers.
  • What's next? Tighten security more? What happens when you over-tighten anything? You risk cutting off too much. Ever been choked before?


Before I continue, take the time to read the article that set this post of mine off.

It seems that we are deep in the throes of a global cyber war, but no one wants to admit it.

Taken from the article:

The vulnerability, known as CVE-2012-1889, allows remote code execution in computers that get infected when users visit the target malicious website and can give an attacker the same rights as a registered user.

Isn't this similar to an attack about two years ago? Drive-by download is a serious, ever-changing problem. How do you stop it?

Set up an ACL in your firewall to prevent access to this drive-by IP? You're chasing the dragon here. Block access to one IP and it will pop up from a million other places overnight. Now how do you find the time and resources to work out what the IP may be, when some of the IPs may also belong to legitimate sites?

Or how about legitimate search sites that are infected, with the malicious content stored in their databases so that all you need to do is run the right search?

You need some sort of stateful packet inspection device or server that can be updated from a vendor or a free site that keeps track of these things for you. But wait, it's found to be embedded within your application as well? A request to go to an off-site location for a JavaScript file or image or who knows what? How do you stop that?
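One defender-side answer to "how do you stop that?" is to audit the pages your own application serves for resources a browser would fetch from somewhere else. The Python script below is an added example (not code from this post or from Cyberfreek): it parses a page with the standard library, resolves relative and protocol-relative references, and lists every script, image, iframe, stylesheet, object or embed that would be loaded from a host other than your own or an explicit allowlist. The sample HTML, host names and the 203.0.113.45 address are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs the browser fetches automatically, without a click.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src",
               "link": "href", "object": "data", "embed": "src"}

class OffsiteResourceFinder(HTMLParser):
    """Collect auto-fetched resources whose host is neither the page's own nor allowlisted."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = set(allowed_hosts) | {urlsplit(page_url).hostname}
        self.findings = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative ("//host/x.js") references.
        resolved = urljoin(self.page_url, value.strip())
        host = urlsplit(resolved).hostname
        if host and host not in self.allowed:
            self.findings.append((tag, resolved))

def find_offsite_resources(html, page_url, allowed_hosts=()):
    """Return [(tag, url)] for every off-site resource the page would load."""
    parser = OffsiteResourceFinder(page_url, allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample page (not from the article): one legitimate CDN include,
# plus an injected script on a bare IP and a hidden iframe on an unknown host.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="//cdn.example-cdn.net/jquery.min.js"></script>
<script src="http://203.0.113.45/x.js"></script>
</head><body><img src="/images/logo.png">
<iframe src="http://evil.example/loader.html" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    hits = find_offsite_resources(SAMPLE_HTML, "https://www.example.com/",
                                  ["cdn.example-cdn.net"])
    for tag, url in hits:
        print(f"off-site {tag}: {url}")
```

Run it against the HTML your application actually emits (or a saved copy of a page) and anything it lists that you did not put there deserves a look.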

OK, back to the article. Zero Day vulnerabilities are a huge problem, especially when they are found within an operating system that you rely upon.

If you are legally bound to protect information within your organization and are diligent in protecting it, but the OS is found to be weak, who is responsible for the potential breach, or for the vulnerability that could lead to a breach of security? You are. Never the vendor, because there are clauses in the use licensing that say "they are not responsible".

We need to change this, we as users, professionals and the like. The vendor/user relationship is a symbiotic one. One cannot live without the other. The louder we complain, the faster these things get patched, or the faster they rewrite the OS or components to function in a more secure way.

Did you read that article?

Did you go and download the suggested fix yet? What are you waiting for?

 

Enjoy and stay safe!

 

Steve

© Cyberfreek.com 1997-2024