Archive for February 2005
Bloodhound.Exploit.26
Symantec is releasing virus defs today (after 8:30pm) with detection for Bloodhound.Exploit.26. This is the UPX Parsing Engine Heap Overflow vulnerability. Information about this vulnerability is available at:
http://www.sarc.com/avcenter/security/Content/2005.02.08.html
Basically if you are running anything earlier than SAV 9.0.1.1000 corporate edition you probably need to look into upgrading.
Infosec Related TV
Rob Rosenberger wrote about his rejected idea for an infosec-based TV show. He’s thinking something along the lines of MaxX. If you haven’t seen the show, it’s a clip show of disasters and police chases backed up by acerbic voice-over commentary. The problem is where you get the video clips. The only people filming at work are physical security. Their cameras are aimed at the entrances. They won’t catch video of Troy in Accounting opening loveletter. Everything would have to be reenacted. This works for John Walsh, but a show like MaxX is too fast-paced and would require too many segments to be filmed.
I would advise modeling the show after the all too brief reality series “Spymaster” on TLC. They first showed auditions in major cities where they ran people through a situation and, based on how they handled it, let them on the show. The selected candidates were taken to “The Farm”, a faux CIA training center. There they learned how to handle weapons, self-defense and basic espionage. Through several challenges individuals were weeded out. The finale was a “hostage” rescue in Mexico.
I would see the analogous show as a hacker bootcamp. Perhaps it could be something like “Hacking by the Numbers” taught by the Sensepost guys, except you have a big finale where you must defend your own computers while attacking computers of the other guys.
While we’re on the subject, am I the only one who would like the yearly competition between the NSA red team and the combined armed forces academies televised?
Ok, the show would get pilloried for glorifying hackers. Perhaps the “Hackmaster” approach isn’t the best show. I’m thinking an Infosec comedy might work, but it might be tough to do without ripping off Dilbert or The Office.
Shmoocon Ends
The Shmoocon concluded today. I wasn’t fortunate enough to make it down to the conference. I wish I had, but because of school, I don’t get out much.
There are two posts related to Shmoocon over at the TaoSecurity Blog. They are worth checking out.
http://taosecurity.blogspot.com/2005/02/shmoocon-concludes-shmoocon-finished.html
http://taosecurity.blogspot.com/2005/02/shmoocon-day-two-here-are-few.html
http://taosecurity.blogspot.com/2005/02/shmoocon-begins-i-am-happy-to-report.html
Hot Spot Found on Saturn
Future astronauts were thrilled by the discovery of a hot spot on Saturn. They will now be able to use their wireless access minutes at Starbucks across America, major airports as well as Saturn.
Security professionals immediately sounded an alarm. If these war drivers can pick up a hot spot on Saturn, imagine what they can do with the signal from the wifi equipment at your house!!!
The preceding blog entry was a joke based on the AP headline Astronomers Find ‘Hot Spot’ on Saturn.
Death by LCS
Live Communications Servers offer the ability for employees to communicate with one another. Like any communications medium, they are also a way to spread viruses. There are several MSN Messenger specific viruses that affect LCS.
It seems like a good idea to improve employee communication. For people upgrading from Exchange 2000, they get the LCS server for free. They’ve already got the client access licenses. They’re just left with the cost of hardware. So how do you get management to fork over 20k for Antivirus when the rest of the solution is “free”? If it’s been more than a couple years since the last outbreak, it seems to be more difficult to get security funding.
I heard a report from another company that they’ve been having their employees receive viruses sent through their LCS server. It’s not a hypothetical problem anymore. I’m not one of these people who think that security comes first, then security, then security, then security, then security, then cost then security then convenience. Security needs to be in balance with cost, convenience and the potential threat. I think in the case of instant messaging the threat is no longer academic. The threat spread itself across several companies this week. Time to consider antivirus part of the cost of a communication system.
Security Mold
Over on another board that I frequent a user was posting about a problem he was having at his house. It started with his new windows. It seems they were still getting condensation. It turns out that the humidity is 80% in his home. His wife is suffering some allergies due to the humidity. This guy is concerned about the quality of the window construction. Later he starts other threads about dehumidifiers.
No one can understand why he has such high humidity in the winter in Pennsylvania. Finally it comes out that there is water in the crawl space beneath his house. Even once this is discovered, the guy just says he doesn’t want to deal with that now. He wants to know about how to know that the windows were installed correctly. He wants to know how to know that his dehumidifier is working.
We all have these blind spots. Well, perhaps blind spot isn’t the right word. We’re aware of the problem but we refuse to acknowledge it or deal with it. It’s easier to deal with the symptoms rather than the problem itself. It’s also true in our professional lives. For example, we have nice safe little security projects that won’t affect people. We do the equivalent of putting up air fresheners and getting a dehumidifier instead of fixing the mold infested bacteria pool that is in the crawl space.


