
Wednesday, May 28, 2008

Could Phlash Attacks Be Your Next Big Concern?

Windows IT Pro Security UPDATE
A Penton Media Property
May 28, 2008


If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831315-0-0-0-1-2-207


IN FOCUS

--Could Phlash Attacks Be Your Next Big Concern?
by Mark Joseph Edwards, News Editor
Flash memory is great technology. It's used in many diverse ways and is
especially useful because it allows for mission-critical code to be
changed on the fly when necessary. For example, you can flash a computer
BIOS with core system-level updates, load new driver code into your
printers, and load new mini-OS code or OS-helper code into a variety of
devices such as disk drives, media players, mobile phones, PDAs, and
other embedded systems.

Unfortunately, although flash-based devices are incredibly flexible, not
everyone is aware of exactly which devices in their networks have such
memory. What's even more of a problem is that some devices can have
their flash memory updated without the need for any type of
authentication. That poses a rather obvious problem, and Rich Smith of
HP Systems Security Lab thinks it's destined to become a big security
concern.

Last week at the EUSecWest conference in London (see the URL below),
Smith revealed some of his research into a potential nightmare that he
calls Permanent Denial of Service (PDoS), induced by a "Phlash" attack.
In a Phlash attack, an intruder flashes a device with faulty firmware
code that leaves the device permanently disabled. You might have
experienced the same outcome at your own hand if you've ever tried--and
failed--to flash a WiFi router with new code, only to discover that the
update didn't complete properly and as a result your router completely
stopped working.

eusecwest.com/speakers.html#PhlashDance
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831317-0-0-0-1-2-207)

Smith thinks that because vendors are working feverishly to harden OSs
and applications, intruders will eventually turn to new targets, namely
flash-based devices. He points out that because a Phlash attack is a
one-off attack (a single bad flash is enough to take a device down), it
might become more appealing than a distributed denial of service (DDoS)
attack, which requires a botnet. So, any sort of network-enabled device
that has a flash update mechanism could potentially become a target of a
Phlash attack.

Granted, many devices have authentication mechanisms that must be
passed before a flash update can take place. However, there are a lot
of devices in use today that either have no authentication mechanism or
are shipped with default passwords that are never changed by device
operators. The potential for a Phlash attack points out the need to
examine and possibly augment your audit procedures. In short, you need
to know whether you have any flash-enabled devices on your network and,
if you do, which of them accept firmware updates without proper
authentication.

I don't know of any tool that can automate such an audit process;
however, Smith has developed a generic fuzzing framework called
PhlashDance that can help identify devices that are potentially
vulnerable to Phlash attacks. Unfortunately he has no immediate plans to
release that framework, so maybe we'll see someone else come up with a
solution and make it generally available before the bad guys come up
with one and start using it to identify potential targets.

The good news is that there are no known Phlash attacks happening at
this point. In addition, some people think these attacks aren't likely
to occur. These people base their opinion on the idea that simply
destroying a device isn't attractive to bad guys because destruction
doesn't necessarily bring the kind of financial rewards that extortion
can bring. However, these attacks could start at any time--I wouldn't
underestimate the willingness of a sociopath to do harm out of sheer
spite, even if it means no financial reward. For many sick minds
destruction in and of itself is more than enough of a reward. Therefore
auditing your systems now, as best you can, is a good idea.



SECURITY NEWS AND FEATURES

--Companies Placing More Focus on Security
CompTIA reports that on average, companies are placing more focus on
security as the years roll on. Security-related budgets are up, as is
proactive prevention, including security-related training.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831319-0-0-0-1-2-207

--Inactive Accounts Indicate Insufficient Audits
A recent survey shows that 42 percent of businesses have no idea how
many logon accounts are no longer needed. The results indicate that
internal security audits are either lacking or severely insufficient.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831320-0-0-0-1-2-207

--Microsoft Offers to Share Security Info
Microsoft announced that it has opened up its Security Cooperation
Program (SCP) to Computer Emergency Response Teams (CERTs) around the
world. Previously the company announced that it would share information
with law enforcement agencies.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831321-0-0-0-1-2-207

--Beware of Malware Filters Bearing False Positives
Earlier this week, the Haute Secure content-monitoring service blocked
Donn Edwards, a longtime reader of Paul Thurrott's WinInfo--one of
Windowsitpro.com's most popular sites--from accessing the site. Donn's
initial thought was that the blacklisting was a mistake, and he emailed
Haute Secure. Read the article to find out what happened next.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831322-0-0-0-1-2-207

--Microsoft's Free Antivirus and Antispyware Scanner Offers a Trusty
Second Opinion
Tucked into Microsoft Windows Live OneCare's product group is a free
scanning service called Safety Scanner. Internet-based and easy to use,
it provides a great second opinion when you're troubleshooting infected
computers. You can run a full scan or focus on protection, cleaning
registry files, or defragging the hard drive.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831323-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831324-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: Heads Up: Mobile Phone Forensics
by Mark Joseph Edwards
Ever needed to get at the data in a mobile phone to collect forensic
evidence? Learn about a tool that can help in this blog entry.

windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831325-0-0-0-1-2-207)

--FAQ: Consolidating Active Directory Forests
by John Savill
Q. What are some of the advantages of consolidating forests to a single
Active Directory (AD) domain?

Find the answer at

windowsitpro.com/article/articleid/99234
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831326-0-0-0-1-2-207)

--FROM THE FORUM: Web Mail Security Risks?
A forum reader writes that his company is reviewing their IT policies,
and in particular they are looking at user access to non-business Web
mail services such as Hotmail, Yahoo, Gmail, etc. He wonders what
security risks are created by allowing such access. Offer your
perspective at the URL below:

forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=90196&enterthread=y
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831327-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


RESOURCES AND EVENTS

Making Web Applications Perform Better: What to Watch, How to Watch It,
and How to Fix It

David Chernicoff discusses the common problems of Web applications and
how to prevent them. Web applications are often the first thing your
customers see and how they develop their impression of your business.
Even internal Web-based applications have a direct effect on your
business processes. Poorly performing applications can have a serious
impact on your workflow, and diagnosing problems with your Web
applications can be very complex and cumbersome. Join David Chernicoff
for this Web seminar as he discusses how to identify and prevent common
Web application problems.

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831328-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831329-0-0-0-1-2-207)

Virtualization Essential Online Conference, June 24, 2008

Learn virtualization basics at this free online event. Discover how to
reduce IT costs while increasing the efficiency, utilization, and
flexibility of your existing hardware. You'll have a better
understanding of how virtualization delivers energy-saving economies
while promoting agility. Join Windows IT Pro for this interactive
real-life simulation and experience networking and interactive tools,
staffed sponsor booths, and educational chats to complement each
conference session.

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831330-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831331-0-0-0-1-2-207)

Are You Storing Too Much Electronic Information?

It's absolutely essential to implement and automate effective email
retention policies in balance with managing the costs and risks
associated with electronically stored information. However, it's tough
to know whether your retention policies and approach dovetail
effectively with today's complex regulations, standards, and guidelines
for business records. Get expert legal advice and better understanding
of what you're required to do as an IT professional in this on-demand
Web seminar.

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831332-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831333-0-0-0-1-2-207)


FEATURED WHITE PAPER

Are Your Data Protection and Recovery Methods Stale?

What happens when your Exchange server's hard drive array fails, and the
president of your company calls looking for his email about a major
purchase that he and several other executives have been working on all
day? Learn about continuous data protection (CDP) by downloading this
white paper today and avoid having to ask your boss "How much data loss
is acceptable?"

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831334-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831335-0-0-0-1-2-207)


ANNOUNCEMENTS

Don't miss your LAST CHANCE to register for "Mastering Exchange 2007,
Server Management"!

Save time and manage your servers more easily with Mark Arnold's insider
tips and expert how-tos, and get started with basic PowerShell commands.
The three info-packed sessions at the May 29th event will include
real-world transport rule examples, high-availability options, PLUS a
live Q&A session, all for only $99. It's like getting three seminars for
the price of one! Register today at

www.windowsitpro.com/elearning/index.cfm?fuseaction=dynamic&v=5119&p=5161&code=&eventid=29&code=update

Rev Up Your IT Know-How with Our Recharged Magazine!

The improved Windows IT Pro is packed with trusted content and enhanced
with a fresh new look! Subscribe today to

--Stay ahead of industry trends with comprehensive coverage of topics
such as Vista and virtualization

--Solve tough technical problems with advice from veteran IT experts
such as Guido Grillenmeier and Mark Minasi

--Find real-world solutions easily with fast facts and quick tips

store.pentontech.com/index.cfm?s=1&promocode=EU2085R1&
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831336-0-0-0-1-2-207)

Windows IT Pro Is Your Definitive Source for BI Tools

--Learn from the top BI experts such as Derek Comingore, Dan Holme,
Michelle A. Poolet, and Rodney Landrum.

--Build the best platforms and reports with help from SQL Server
Magazine.

--Master data-delivery with front-end solutions in Windows IT Pro.

--Get how-to information, industry trends, and commentary by experts:
Subscribe to the Essential BI UPDATE e-newsletter.

Choose the resource that's right for you at

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831337-0-0-0-1-2-207
(http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831338-0-0-0-1-2-207)


CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831339-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831340-0-0-0-1-2-207


To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831343-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-8280-803-202-62923-831344-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
