Perimeter | Commentary
3/22/2011 09:19 AM
Tom Parker

A Deep Dive Into The Latest Threats

New series of blogs will examine what the latest malware or attack really means to your organization and what to do -- or not -- about it

Welcome to the Security Views blog for Dark Reading's new Advanced Threats Tech Center. This is the first of what will be an ongoing series of posts, designed to specifically focus on the analysis of threats of note, as well as the offensive and subversive technologies that are commonly associated with them.

Today, for one reason or another, the community at large places an increasing amount of focus on what many consider to be "high-end" threats. Most commonly, this is for one of three reasons: their specific targeting of organizations or individuals perceived as being tough targets, a high success rate (such as the formation of a comparatively large botnet), or their use of lesser-known, or entirely innovative, techniques. When we see such an attack hit the AV analysis message boards, headlines, and blogs, it is often a challenge to make any sense out of the speculation and unsubstantiated grandiose theories of state-sponsored acts of war and espionage.

To this end, it's my hope that this blog will strike a predominant note of objective threat analysis in a world that is often subject to much speculation and conjecture, more often than not to our detriment as a community. So who should read this blog regularly? Well, I hope you all will! I will be taking a close look at some fairly technical topics -- but always providing commentary that I hope will be of equal value, whether you are a security executive seeking to make heads or tails of a new threat to your organization, or a malware analyst looking for existing data regarding a threat of interest that you have been tasked to analyze.

Many of you with whom I have chatted or who have attended my presentations at Black Hat and other conferences will know that when it comes to threat analysis, I'm a big fan of data from proven analysis methodologies. Threat analysis should always be actionable, and that generally means more than gut instinct alone or sticking your finger in the wind and hoping for the best.

Differing threats often warrant different approaches to their analysis and are often contingent on the data available. Because this blog is intended to be more of a commentary on threats of note and not an exhaustive analysis of everything we see, I will, where possible, leverage many of the analysis techniques that I've spoken about (specifically in reference to my analysis of Stuxnet) during the past nine months. Where relevant, I will perhaps introduce some new approaches to derive greater meaning out of the data available. Threat analysis isn't yet a precise science, but we can certainly get a lot closer by taking a hard look at the techniques we use and the goals we are trying to achieve with them.

Finally, I want to hear from you. If you have spotted something out in the trenches that you think might be of interest, or have additional data on a subject that you've seen mentioned on this blog, please feel free to send a note. Likewise, if you spot something in the press, or elsewhere, that gives off that distinct whiff of FUD -- or could be flat-out fictitious -- let me know, and I will try to take a closer look.

Please feel free to get in touch either by email at darkreading@rooted.net (PGP: 0x36112650) -- or feel free to post comments with links and other discussion after blog entries.

Tom Parker is director of security consulting services at Securicon.
