Security Blog
Recently in General Category
November 11, 2009
Web Browser Vulnerability Report - Firefox Leads the Pack at 44%
A recent report by Web application security vendor Cenzic pointed out that in the first half of 2009 Firefox accounted for 44% of all vulnerabilities amongst popular Web browsers. Also somewhat surprising is Safari coming in at 35% due to iPhone Safari vulnerabilities (that's another story in itself). IE came in third at 15% and Opera at 6% (BTW, where was Chrome?).
Firefox (by the way, I've been a Firefox user since its debut) is an open source browser which has marketed itself as a "safer" alternative to Microsoft's Internet Explorer. Early on that was true; however, when Firefox started to gain popularity, hackers began shifting focus to it and Firefox became "less safe".
Two factors contribute to the number of vulnerabilities we are seeing in the browser today. Number one, the browser is relatively young, so there are naturally more holes in it. This will get better as the browser further matures.
Second of all, Firefox is open-source and has a flexible add-on architecture where basically anyone who can code (and even some who can't) can make an add-on for Firefox. While this architecture and open source in general bring flexibility, functionality, and scalability to the browser, many of these add-ons are not "hardened" and could introduce security loopholes into Firefox. Also, due to the open-source nature of Firefox, hackers can study the browser source code inside out and find holes that way.
Regardless, I will continue to use Firefox. However, I'll also make sure that my security surrounding the browser is up to snuff. I suggest you do too.
Posted by: Pete at 12:13 PM
Categories: General
November 6, 2009
Critical SSL Vulnerability Discovered
A critical vulnerability in SSL was discovered in August of this year by Marsh Ray and Steve Dispensa of PhoneFactor. These findings were made public on November 4th.
Basically they uncovered a flaw in the SSL protocol itself - a gap in SSL authentication during renegotiation between client and server. This unauthenticated request allows the man-in-the-middle (MITM) attacker to inject specially crafted plaintext into the application protocol stream, which can be used to exploit different applications.
Folks, this is a vulnerability of epic proportions we have here. Online banking, online shopping, cloud computing, remote services all are based on the assumption that SSL is secure. How would you feel going to bed every night when you know your front door lock can be easily picked?
The good news is that vendors have been working on patches to the problem for a few months now. The bad news is, so much of our Internet infrastructure utilizes SSL. It will be impossible to patch everything. I bet cyber criminals are also scrambling to come up with ways to exploit this vulnerability before the patches arrive. This is going to be a very interesting few months. Stay tuned.
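The renegotiation gap described in this post, as a toy model added here (not code from this blog or from PhoneFactor): the server keeps one application stream across handshakes, so plaintext received before a renegotiation is credited to whoever authenticates afterwards. The `bind_renegotiation` switch models the fix later standardized in RFC 5746, which ties each renegotiation to the previous handshake's verify data; all class and function names are hypothetical and no real TLS is performed.

```python
import hashlib
import hmac
import os


class Server:
    """Toy model of the server side of one TLS connection (no real crypto or I/O)."""

    def __init__(self, bind_renegotiation):
        self.bind = bind_renegotiation
        self.last_verify = b""  # verify data of the previous handshake (empty before the first)
        self.peer = None        # identity authenticated by the latest handshake
        self.stream = []        # application data: ONE buffer across renegotiations

    def handshake(self, identity, claimed_prev_verify):
        # With binding, the hello must echo the previous handshake's verify data.
        if self.bind and not hmac.compare_digest(claimed_prev_verify, self.last_verify):
            raise ConnectionError("renegotiation not bound to existing session")
        self.peer = identity
        # Stand-in for the 12-byte Finished verify data of a real handshake.
        self.last_verify = hashlib.sha256(os.urandom(16) + identity.encode()).digest()[:12]
        return self.last_verify

    def app_data(self, data):
        self.stream.append(data)

    def request_seen_by_app(self):
        # The application sees a single stream and credits all of it to the current peer.
        return self.peer, b"".join(self.stream)


def run(bind_renegotiation):
    srv = Server(bind_renegotiation)
    # 1. The man in the middle opens its own unauthenticated session and sends plaintext.
    srv.handshake("anonymous", b"")
    srv.app_data(b"[data sent before the client authenticated] ")
    # 2. It then relays the real client's FIRST hello. The client believes this is a
    #    new connection, so it has no previous verify data to echo (b"").
    try:
        srv.handshake("alice", b"")
    except ConnectionError as exc:
        return "rejected", str(exc)
    srv.app_data(b"[alice's request]")
    return srv.request_seen_by_app()


if __name__ == "__main__":
    print("unbound:", run(False))
    print("bound:  ", run(True))
```
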
Posted by: Pete at 9:57 PM
Categories: General
November 3, 2009
Trick or Treat - International Kill-A-Zombie Day
I hope everyone enjoyed their Halloween and their fair share of candy. And no, we are not talking about killing "REAL" zombies (the ones in flesh, or rotten flesh to be more exact) here.
As we've mentioned time and time again, zombies are a growing problem in today's Internet. Once a PC has been infected, it joins the ranks of the fellow infected as zombies who respond to any command a hacker might give it. They are used to send spam (yes, the spam you get every day comes from a zombie, NOT a mailman in cyberspace), carry out denial of service attacks, and many other mischievous deeds.
Our friends at Sophos have designated October 31st as the International Kill-A-Zombie Day (images of Resident Evil, Zombieland, and Night of the Living Dead just pop into my mind saying that). They've come out with two very interesting videos to promote zombie awareness. Have a look and join the fight!
Posted by: Pete at 1:37 PM
Categories: General, Malware, Spam
October 30, 2009
This Week in Phishing
I just received this email in my Yahoo mailbox:
What do you guys think? Should I email Mrs. Elizabeth and claim my 11 million?
I could really use the extra cash right now.
Posted by: Pete at 4:59 PM
Categories: General, Phishing, Spam
October 29, 2009
AV-Test/Tolly Report: UTM Virus Detection Comparison
AV-Test.org and Tolly have released their UTM virus detection comparison report. In the report the ProSecure UTM10 was pitted against all-in-one solutions from Sonicwall, Fortinet, and Watchguard.
The test consisted of two parts:
1. Wildlist malware detection
2. Zoo malware detection
The results really highlight the lack of emphasis on the "security" aspect of existing all-in-one solutions.
While we see a big emphasis being put on throughput, the truth is, throughput from existing multifunction firewalls is fine at our current WAN connection speeds - even with all security enabled.
What you need is better protection.
And our ProSecure UTM was architected from the ground up to provide you just that.
You can download the full report here
Posted by: Pete at 5:05 PM
Categories: General, Malware, Viruses
October 23, 2009
ProSecure UTM Obtains ICSA Labs Anti-virus Certification
I'm proud to announce that the ProSecure UTM has passed ICSA Labs Anti-virus certification.
This is the third certification it has passed in the past month (the other two being West Coast Labs Checkmark and VPNC).
For any new security vendor, the biggest challenge is always the initial step of proving your legitimacy in this space and this is one step forward for us in this regard. Our mission is to provide all businesses with the protection they need in today's Internet, and we will continue to push towards that goal.
Posted by: Pete at 1:08 AM
Categories: General
October 22, 2009
Windows 7 is Live
Windows 7 is finally here. I've been using the beta version for a few months now and have been anxiously waiting to get rid of Vista (I still ran XP or Linux on most of my machines but switched to Vista on my main at home). My two copies should be arriving in the mail today so I should have everything up and running tonight when I get home.
You can bet that cyber criminals will begin shifting (if they haven't already done so) to Windows 7 as their primary OS of choice and that we'll begin to see Win7 specifically targeted malware en masse soon. Only time will tell if Win7 effectively protects users from malware better than previous Microsoft OS's.
On another note, I'll be trying out Microsoft Security Essentials (basically free AV from Microsoft) soon, and see how it stacks up against offerings from Kaspersky, Symantec, McAfee...etc.
Posted by: Pete at 8:43 AM
Categories: General
October 9, 2009
Another Adobe Reader Vulnerability
Adobe has issued a new security advisory about another critical vulnerability being exploited in the wild.
Here's an excerpt:
"Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows."
Adobe expects to have an update available to address this vulnerability on October 13, 2009.
Posted by: Pete at 12:27 PM
Categories: General
October 1, 2009
Cloud Security - The Holy Grail?
The latest buzz word around the tech industry is cloud computing. Seems like everything is moving towards the cloud now. Cloud based storage, computing, email hosting, software, documents, heck there's even talk about a cloud based video game system. With the movement toward the skies, security is no exception.
Due to the nature of cloud based applications, there is always a certain amount of latency associated with passing data to and from the cloud. While the latency of sending a URL to the cloud for analysis may not be too high, sending files even only a few megs in size for virus analysis will make Web browsing virtually unusable. Perhaps someday network bandwidth will increase to the point where large files can be sent across the Internet in milliseconds. Until then, there is a definite need for local anti-malware scanning. Whether that be at the gateway or desktop (or even better, both) doesn't matter. At our current speeds and processing power, local anti-malware scanning is still essential to the well being of ANY network. Don't let anyone tell you otherwise.
At the same time, don't forget to utilize cloud computing in areas where it shines.
Posted by: Pete at 12:00 AM
Categories: General
September 16, 2009
A New Way of Phishing - Chat-in-the-Middle
The RSA FraudAction Research Lab has recently discovered a new type of phishing attack that targets online banking customers (e.g. me and you). While past phishing attacks simply look for the victim to enter in their online banking credentials, this one does not stop there.
After the victim is tricked into entering their login credentials (usually at this point, after entering their login credentials, the victims are redirected to the phishing Web site or to the real bank Web site), the attacker goes one step further by initiating an online live chat session. During this live chat, the attacker attempts to extort even more information from the victim through social engineering (phone numbers, addresses, etc.).
Attackers are always finding new and creative ways to obtain sensitive information. You can never be too sure. My best advice is: When in doubt, go to your local branch.
Posted by: Pete at 10:31 PM
Categories: General, Phishing


