The reality of System Management Mode attacks

By Peter Ferrie, Microsoft
Another day arrives and, with it, another way to run code. This time, it’s executing arbitrary code in System Management Mode (SMM) memory. That sounds kind of exciting, right? An SMM rootkit? Does that mean that we need an anti-malware scanner for SMM memory now? Or will it just fade away? All this and more will be answered shortly. But first…

NZ telco hires admitted botnet operator

By Michael Field, Sydney Morning Herald
TelstraClear, Telstra’s New Zealand subsidiary, has hired one of the world’s best-known hackers [smh.com.au] — a teenager known as “Akill”.
Owen Thor Walker, a 19-year-old who became the subject of the US Federal Bureau of Investigation’s “Operation Bot Roast” cyber crime investigation, was part of a hacker group known as the A-Team.

Partial disclosure: Was it a cat I saw?

By Katie Moussouris, Microsoft
Quite often in our industry, two (or five) people can look at the same problem from different angles, and see radically different things. Rare is the situation that reads the same to everyone, forwards and backwards. It’s all about perspective.
In my appearance on the ‘Partial Disclosure Dilemma’ Panel at SOURCEBoston this year, I found myself surrounded by great minds who most certainly do not think alike. While there was some agreement and common ground between all parties on the dais, namely wanting to make the Internet safer and to protect people, there was little agreement on the best way to accomplish that goal.

The rumored acquisition of Sun Microsystems by IBM could have far-reaching consequences for the identity-management market. Both companies have long histories in the IAM market, but have taken different paths over the years, with Sun focusing on open-source development and IBM sticking with the commercial model. So integrating the two portfolios could prove to be a major challenge, writes Steve Coplan of The 451 Group.

Gartner security analyst Neil MacDonald thinks there are five levels to the discussion [gartner.com] about whether Microsoft should be in the security business. They include secure coding (obviously), secure functionality in the platform at no cost (of course), add-on security products at a fee (maybe) and paid cloud-based security services (sure).

Microsoft’s initial move into the security products market, the ISA Server, has evolved well beyond its firewall roots. Now known as the Threat Management Gateway, the product is being positioned as a comprehensive Web security gateway. As Eric Ogren writes in his review of the Threat Management Gateway [SearchSecurity.com], the beta release offers enterprise IT shops some solid capabilities but also has considerable drawbacks.

User names and passwords belonging to more than 8,000 Comcast Internet customers were left exposed on the Web for at least two months. A post by Brad Stone on the Bits blog [NYTimes.com] details the situation, which was exposed by a Comcast customer from Pennsylvania.

By Roel Schouwenberg
As Dancho Danchev pointed out, the BBC leased itself a botnet [zdnet.com]. I couldn’t quite believe it when I read it. The BBC, arguably one of the very best TV producers in the world, surely should have known better? There are so many things wrong about this that I hardly know where to start.
Firstly, given their figures, they seem to have spent quite an amount of money purchasing the botnet. Regardless of how much the total sum was, they sponsored the underground economy. Paying money to criminals (for illegal goods) is not only unethical but also considered illegal in most countries. The BBC broke the law right there and then already, not when they actively started using the botnet.

Sprint has sent letters to thousands of its customers informing them that a former employee compromised their personal account data over the course of two months in 2008 and 2009. Brian Krebs [Security Fix] says that the company mailed warnings to several thousand customers and that the breach could have been far worse had Sprint not recently upgraded its security controls.
