<$BlogRSDUrl$>
 

This page is powered by Blogger. Isn't yours?

 Feedblitz email:
 RSS: http://linkingintegrity.blogspot.com/atom.xml

 

linking INTEGRITY

Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

The Real Threats to Security are Changing, 16.6.04

eSecurity

The Spread of Hybrids

Some hybrids target applications, like SQL, or features, like Active Directory service functions, that are common in particular operating systems. But the vulnerability is increasingly in the application, rather than in the OS itself.

Hybrid malware may use worm techniques for spreading, a virus to do damage, and then implant a Trojan horse to turn the system into a zombie or remotely controlled proxy or remailer.

Spyware and ad-bots can add to these risks, as can the uncontrolled use of peer-to-peer technologies like kazaa. While ostensibly for market research or file sharing -- 'legal' sharing, only, please -- even well-intentioned uses of such software can open gaping holes in network firewalls. It is these leaky holes that create risk by providing potential attackers with both systems information for exploiting, and personal information that can be stolen and used for identity theft.

The good news is that host and enterprise anti-virus software identifies and stops the lion's share of all of these forms of malicious software.

The bad news is that times are changing -- fast.

The speed with which new infectors are popping up is increasing. The cycle time between knowledge of a vulnerability and the release of an exploit is shrinking. We may not be at the point, yet, where exploits pre-date patches but the trends make that a foreseeable event.

Remember that in practical terms, it's not the release date of the patch, but the time it takes to test and then apply the patch that is a bigger concern to enterprise system managers.

[...]


Comments

Post a Comment

 

Google

Integrity Incorporated

Site Feed

 Feedblitz email:


 RSS: http://linkingintegrity.blogspot.com/atom.xml


"We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
Compromise need not mean cowardice. .."

John Fitzgerald Kennedy, "Profiles in Courage"

Archives

07.03   08.03   09.03   10.03   11.03   12.03   01.04   02.04   03.04   04.04   05.04   06.04   07.04   08.04   09.04   10.04   11.04   12.04   01.05   02.05   03.05   04.05   05.05   06.05   07.05   08.05   09.05   10.05   11.05   12.05   01.06   02.06   03.06   04.06   05.06   06.06   08.06   09.06   10.06   11.06   01.07   02.07   03.07   04.07   07.07   08.07   09.07   10.07   05.08   06.08