Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/13/2007
03:55 AM
50%
50%

Breaking Out of the Box

Security innovators emerge - on both sides of the firewall

11:55 AM -- Back in the days of the Internet boom, everybody was talking about "thinking outside the box." The idea was to throw out all the conventional wisdom about a problem and look at it from a completely fresh perspective. This sort of thinking gave rise to some great successes (think eBay and Amazon) and some spectacular failures (like a for-profit Website built around former Surgeon General C. Everett Koop).

Outside-the-box mania has died down since the bottom dropped out of the Internet market in the first part of the decade, but we still see it in waves from time to time. This week, one of those waves has hit the security industry, bringing some creative thinking from both the creators of security exploits and from those who are trying to stop them.

Take, for example, the new "hybrid Web worm" developed by researchers Billy Hoffman and John Terrill. If you can overlook the potential damage it might cause, this thing is truly startling in its creativity. Not only does it mutate to avoid signature-based security defenses, it can actually read the latest vulnerability lists to find and exploit newly-discovered flaws. It's like something invented by the Borg. (See Meet the Next-Gen Web Worm .)

But Hoffman and Terrill aren't the only ones thinking outside the box. Over the past week, Sun has been struggling to patch a stack buffer overflow bug in Java -- the WebStart utility in the Java Runtime Environment -- that could be used by an attacker to insert a bot agent, rootkit, or backdoor malware on the victim's machine.

This one is creative not only because of its versatility -- the user can be infected either by clicking on a malicious link or by unknowingly getting redirected to an infected Website -- but because it takes advantage of the fact that patch management tools generally don't know how to patch Java. (See 'Critical' Java Flaw Bugs Researchers.)

Then there are the new hacks on FIX, the application-layer protocol that's widely used for financial trading. Imagine the insider trading or financial damage that could be caused by penetrating such a critical transaction path. Who'd have thought such sensitive systems could be so easily hacked? These guys did. (See 'Hacking Capitalism'.)

And there are folks who are using common-sense creativity to solve some very old problems. Like the people at WabiSabiLabi Ltd. , who got tired of the back-room practices used to disclose and sell security vulnerabilities -- and invented an eBay-like marketplace to broker those deals. (See An Auction Site for Vulnerabilities.)

Oh, and we're still blown away by the latest version of FlexiSPY, which can use your mobile device to record your phone calls, read your email, track your Web usage, and even record the sounds around you when you aren't using the damn thing. Even James Bond never had a surveillance tool like that, but now it's available to housewives who suspect their husbands of cheating. (See FlexiSPY: Product or Trojan?)

The good news is that some of the good guys are thinking outside the box, too. Haute Secure, a startup that few people had even heard of a week ago, is now offering a free tool that is capable of blocking or filtering malware from a client PC. The technology is a leap past anti-phishing and signature-based blocking tools -- it actually recognizes the behavior of malware and can react automatically to block it. (See Startup Launches Free Malware Blocker.)

Some of the security research we've seen this week might be dangerous -- in most cases, the researchers are exposing the exploits in order to protect users from harm -- but it's good to see "outside the box" thinking of coming back to the Internet again, especially in the security space. The innovative development of new exploits -- and the creation of new technologies to close the holes -- will help lay the groundwork for the next round of innovative security products.

One warning though: Experts have determined that sites built around the surgeon general could be hazardous to your health.

— Tim Wilson, Site Editor, Dark Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1627
PUBLISHED: 2020-04-08
A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending ...
CVE-2020-1628
PUBLISHED: 2020-04-08
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading...
CVE-2020-1629
PUBLISHED: 2020-04-08
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; ...
CVE-2020-1630
PUBLISHED: 2020-04-08
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...
CVE-2020-1634
PUBLISHED: 2020-04-08
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue ...