$BlogRSDUrl$>
linking INTEGRITYIntegrity - use of values or principles to guide action in the situation at hand.Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR. The Real Threats to Security are Changing, 16.6.04
eSecurity
The Spread of Hybrids
Some hybrids target applications, like SQL, or features, like Active Directory service functions, that are common in particular operating systems. But the vulnerability is increasingly in the application, rather than in the OS itself.
Hybrid malware may use worm techniques for spreading, a virus to do damage, and then implant a Trojan horse to turn the system into a zombie or remotely controlled proxy or remailer.
Spyware and ad-bots can add to these risks, as can the uncontrolled use of peer-to-peer technologies like kazaa. While ostensibly for market research or file sharing -- 'legal' sharing, only, please -- even well-intentioned uses of such software can open gaping holes in network firewalls. It is these leaky holes that create risk by providing potential attackers with both systems information for exploiting, and personal information that can be stolen and used for identity theft.
The good news is that host and enterprise anti-virus software identifies and stops the lion's share of all of these forms of malicious software.
The bad news is that times are changing -- fast.
The speed with which new infectors are popping up is increasing. The cycle time between knowledge of a vulnerability and the release of an exploit is shrinking. We may not be at the point, yet, where exploits pre-date patches but the trends make that a foreseeable event.
Remember that in practical terms, it's not the release date of the patch, but the time it takes to test and then apply the patch that is a bigger concern to enterprise system managers.
[...]
CommentsPost a Comment
Archives07.03 08.03 09.03 10.03 11.03 12.03 01.04 02.04 03.04 04.04 05.04 06.04 07.04 08.04 09.04 10.04 11.04 12.04 01.05 02.05 03.05 04.05 05.05 06.05 07.05 08.05 09.05 10.05 11.05 12.05 01.06 02.06 03.06 04.06 05.06 06.06 08.06 09.06 10.06 11.06 01.07 02.07 03.07 04.07 07.07 08.07 09.07 10.07 05.08 06.08 |