'Twas not the season to be jolly
Santy attacks while most out on holiday
It was a troubling holiday season for many in IT security. At a time when most security professionals were out of the office with friends and family spreading holiday cheer, a deadly new worm appeared and soon spread to over 40,000 websites before finally being slowed down. Meanwhile, two new vulnerabilities were announced--though few were around to do much about them.
It all started with the arrival of Santy. Not the guy in the red suit (no toys involved here) but the Santy worm. Santy, a worm unlike any before it, searched Google for web servers with PHP (bulletin board/chat forum software) vulnerabilities, then spread as each infected site duplicated the process. Visitors to the sites weren't affected, but the web servers were--with the replacement of the chat forum by an announcement that the site had been defaced. And because the worm targeted any site that allowed the inclusion of arbitrary files into PHP scripts, every site using PHP was at risk. Sure enough, over 40,000 of them were infected within 24 hours.
Automated Google hacking: a giant step forward for worms?
Though Google effectively slowed Santy by blocking already infected sites from searching for new victims, the impact of the attack goes beyond its immediate scope. What we've seen with Santy is the first real example of automated Google hacking, and the slow-down looks to be just a temporary fix to a trend that's only going to grow. Previous worms like Blaster, Sober, and MyDoom spread by email or IP address, generating lists of random addresses and attacking them. Santy used random search criteria in Google to generate websites, meaning that anyone with a web server would be knocked on pretty fast. As a result, the hit rate was much higher--closer to 98% (as opposed to around 2% for worms like Blaster). Santy may have been the first web application worm to spread in the wild, but it won't be the last.
Should vulnerabilities be announced during the holidays?
Announcing vulnerabilities may indeed be the only thing that can pressure vendors to fix problems in their software, but doing it over the holidays when no one (except the bad guys) can do anything about it just isn't good policy--whether you're for full disclosure or not.
But there was another thing that was troubling about Santy: the timing of it. The worm spread over the course of just two days while most companies running message boards were closed for Christmas. That in itself is no surprise: virus and worm writers have historically taken advantage of the holidays to stage their attacks. What was surprising, though, was the announcement of other vulnerabilities at a time when most IT security staffs were away from the office. It's long been an unwritten rule that flaws would not be announced over the holidays for this very reason.
So when a prominent security company announced vulnerabilities in Oracle and IBM on December 20th, it raised the ire of many who were still upset about the disclosure over Thanksgiving of WINS vulnerabilities.
For more information contact:
info@secureworks.com or 877-905-6661.
News Roundup
Even more Google problems?
There are a lot of great things about Google's Desktop Search Tool (GDS). It's free, it's fast, and it's a better way to index your drive than Windows Search. But is it secure? Google says it has fixed a vulnerability that could enable hackers to view search results for your hard drive's contents, but Gartner recommends holding off until the final version arrives (GDS is still in Beta).
The FDIC wants you.
Well, they want your opinion, at least. The regulatory agency released an in-depth report last month detailing the rise of identity theft performed through phishing and hack attacks. The study, which examines industry and legislative responses and also focuses on tools to mitigate the risks, is open for public comment until February 11.
Feds stop spam king . . . for now.
When you have a nickname like the Spam King, you should probably expect to get some flak. So it was no surprise when Stanford (aka "Spamford") Wallace--the owner of SmartBot.net and Seismic Entertainment Productions--was hit by an injunction from a federal judge last week ordering him to stop infecting programs with spyware. We'll see how long that lasts. Until then, you could always use Spamford's anti-spyware programs ("Spy Wiper" and "Spy Deleter"). Ok, ok, don't do that, really--they don't work. What a surprise.
Primer on fighting spyware.
Speaking of spyware, there are any number of articles and resources about the issue, but by far the best summary I've seen is Walter Mossberg's "Primer on Fighting Spyware." Mossberg takes just three pages to explain how spyware works, how you get it, and how you can avoid and protect against it. While you're at the site, check out some of his other articles on network security. It'll be well worth your time.
Medical records online: yea or nay?
Obviously there's a significant benefit for both hospitals and patients to posting patient records on the web: you gain the ability to instantly transmit patient information to any part of the world, thereby significantly reducing the number of deaths and accidents. (Not to mention the fact that you can reduce paperwork.) But the possibility of a hacker getting hold of those records outweighs the benefits in the eyes of many. And then there's something called HIPAA . . . . Looks like the debate's only growing.