Security innovators emerge - on both sides of the firewall

Dark Reading Staff, Dark Reading

July 13, 2007

4 Min Read

11:55 AM -- Back in the days of the Internet boom, everybody was talking about "thinking outside the box." The idea was to throw out all the conventional wisdom about a problem and look at it from a completely fresh perspective. This sort of thinking gave rise to some great successes (think eBay and Amazon) and some spectacular failures (like a for-profit Website built around former Surgeon General C. Everett Koop).

Outside-the-box mania has died down since the bottom dropped out of the Internet market in the first part of the decade, but we still see it in waves from time to time. This week, one of those waves has hit the security industry, bringing some creative thinking from both the creators of security exploits and from those who are trying to stop them.

Take, for example, the new "hybrid Web worm" developed by researchers Billy Hoffman and John Terrill. If you can overlook the potential damage it might cause, this thing is truly startling in its creativity. Not only does it mutate to avoid signature-based security defenses, it can actually read the latest vulnerability lists to find and exploit newly-discovered flaws. It's like something invented by the Borg. (See Meet the Next-Gen Web Worm .)

But Hoffman and Terrill aren't the only ones thinking outside the box. Over the past week, Sun has been struggling to patch a stack buffer overflow bug in Java -- the WebStart utility in the Java Runtime Environment -- that could be used by an attacker to insert a bot agent, rootkit, or backdoor malware on the victim's machine.

This one is creative not only because of its versatility -- the user can be infected either by clicking on a malicious link or by unknowingly getting redirected to an infected Website -- but because it takes advantage of the fact that patch management tools generally don't know how to patch Java. (See 'Critical' Java Flaw Bugs Researchers.)

Then there are the new hacks on FIX, the application-layer protocol that's widely used for financial trading. Imagine the insider trading or financial damage that could be caused by penetrating such a critical transaction path. Who'd have thought such sensitive systems could be so easily hacked? These guys did. (See 'Hacking Capitalism'.)

And there are folks who are using common-sense creativity to solve some very old problems. Like the people at WabiSabiLabi Ltd. , who got tired of the back-room practices used to disclose and sell security vulnerabilities -- and invented an eBay-like marketplace to broker those deals. (See An Auction Site for Vulnerabilities.)

Oh, and we're still blown away by the latest version of FlexiSPY, which can use your mobile device to record your phone calls, read your email, track your Web usage, and even record the sounds around you when you aren't using the damn thing. Even James Bond never had a surveillance tool like that, but now it's available to housewives who suspect their husbands of cheating. (See FlexiSPY: Product or Trojan?)

The good news is that some of the good guys are thinking outside the box, too. Haute Secure, a startup that few people had even heard of a week ago, is now offering a free tool that is capable of blocking or filtering malware from a client PC. The technology is a leap past anti-phishing and signature-based blocking tools -- it actually recognizes the behavior of malware and can react automatically to block it. (See Startup Launches Free Malware Blocker.)

Some of the security research we've seen this week might be dangerous -- in most cases, the researchers are exposing the exploits in order to protect users from harm -- but it's good to see "outside the box" thinking of coming back to the Internet again, especially in the security space. The innovative development of new exploits -- and the creation of new technologies to close the holes -- will help lay the groundwork for the next round of innovative security products.

One warning though: Experts have determined that sites built around the surgeon general could be hazardous to your health.

— Tim Wilson, Site Editor, Dark Reading

Read more about:


About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights