"such as blocking access from corporate machines to known command-and-control servers operated by hackers"
haha seriously?
TeamSpy snooped on governments, big biz undetected for 10 years
Computer security researchers say they have uncovered a decade-long espionage campaign against governments, businesses and human-rights activists in Eastern Europe and beyond. We're told the spying operation was partially pulled off by subverting TeamViewer - a legitimate tool for remotely controlling computers and holding …
-
Thursday 21st March 2013 18:16 GMT 1Rafayal
I am going to pre-empt Eadon and call this an EPIC WINDOWS SECURITY FAIL.
Seriously though, is the security flaw here to do with Windows, or the way in which it is administered?
I know a lot of IT departments go all out when trying to secure critical servers - but I also know from experience that the same level of protection is not afforded to the humble Windows based PC.
How many people have managed to get local admin rights on their work Windows machine so they can listen to Spotify or install some software to use with their mobile? Quite a few I would imagine - I am semi guilty of the same thing. And how many of these Windows users have access to secure Windows servers using something like RDP?
I dread to think.
Then throw in something like TeamViewer, which many will see as having a legitimate place on a work machine.
I am glad its Friday tomorrow.
-
-
Thursday 21st March 2013 22:58 GMT Anonymous Coward
Why do you think trusted computing was invented? people may whine about it, but code signing can stop such software getting modified and executed.
Don't say open source is invulnerable either, there's been a few near misses with that.
Yes, it is a ball ache and stops people writing their own software and running it so easily, but this is an issue of trust. Once dickheads ruin things there's no going back. We used to be able to go online without firewalls once for instance.
-
Friday 22nd March 2013 05:45 GMT Chairo
Why do you think trusted computing was invented?
- to make sure the people have no control of what is running in their machine?
- to turn "users" into "consumers"?
- to ensure the producer keeps the device "ownership"?
- to leverage the device ownership for squeezing out money?
- Security? Sure, but not for the whining consumers - trusted computing is all about making sure any content stays firmly in the box and cannot be used, if the content owner sees fit to revoke the license for whatever reasons.
On the other hand - trusted computing makes it more difficult to know what is going on inside the machine. Should the bad guys find a way to get their stuff running in the protected area, the end user is powerless to do anything against it. And trust me they WILL find a way. Organized crime can break any static security, given enough time.
-
-
Friday 22nd March 2013 01:40 GMT david 12
EPIC WINDOWS SECURITY FAIL
Yes, I agree. In the same way that this:
http://www.theregister.co.uk/2013/03/19/carna_botnet_ipv4_internet_map/
( Researcher sets up illegal 420,000 node botnet for IPv4 internet map) is an EPIC LINUX SECURITY FAIL. And any mention of CISCO at http://www.theregister.co.uk/security/ is an epic cisco security fail. (Anything with an installed base that big is epic).
-
This post has been deleted by its author
-
Friday 22nd March 2013 11:38 GMT 1Rafayal
Re: TeamViewer
Thats precisely my point, something like TeamViewer would be seen as a legitimate application to have installed.
Back on the subject of security holes, I read an article in the 2600 recently that describes how to set up a proxy using putty and SSH, I wont go into the details here.
The author describes this as a way of getting around companies IT policies and stresses that it shouldnt be used. Thing is though, anyone with half a brain can read this and implement it on their machine at work with very little trouble, or rights.
The same process would work on Windows or Linux. (that is really going to make Eadon explode)
-
-
Friday 22nd March 2013 12:13 GMT Anonymous Coward
Re: or the way in which it is administered?
While I concur that too much of what you've described goes on, some of it still comes back to the software vendors and they way they release their software. Microsoft and Adobe are the big offenders here, with a healthy assist from Autodesk.
Way back when MS released Win2000 we made a serious attempt to secure our network. Systems were only going to be deployed with User rights (not even Power User). And then we ran into the newest release of VB, which required administrative access to run. Not install, run. And since one of the divisions had about half its people using that ....
Currently if you are using the Adobe Creative Suite you have to both have administrative privileges AND do a Run As Administrator for the software to run.
And 2 years ago when I was trying to install the then current version of Autocad on Win7 64-bit system on our network I couldn't get it to work. Died every time at around 98% install, then rolled back everything it had done. Which made it a real PITA to try to troubleshoot. And the Autodesk people were never forthcoming with solutions. Eventually I found a forum posting elsewhere that said "move it off the network and install it on the standalone system." That worked, which meant it was running afoul of GPOs that were put in place to secure the network. At the time I had no clue at what the problem is, but the other day someone was having a problem installing a licensed copy of Google Earth (not the free one). The same solution worked and for Google Earth it was clearly a DRM problem (installer wants to write to the registry which is blocked), so I'm thinking its the same thing on the Autocad.
-
Saturday 23rd March 2013 19:36 GMT Michael Wojcik
Seriously though, is the security flaw here to do with Windows, or the way in which it is administered?
Both.
The DLL-dropping vector works in large part because Windows has a broken code-loading model. Using the same list of directories (PATH) for command resolution and dependency resolution was a mistake (one that Windows' direct predecessors in this area, OS/2 and SVR4 UNIX, did not make); searching the current directory before the path was a worse one. Microsoft has only recently partially remedied some of these problems with KnownDLLs, SafeLibrarySearchMode, and other tweaks.
However, DLL-dropping attacks could be made much more difficult by applying better system administration procedures. Restricting administration access is an obvious one; using filesystem privileges in a sensible fashion is another. Intrusion- and malware-detection systems might have helped.
But this is the point security experts have been making for years. Security is not an absolute; there are only degrees of security, represented by work factors associated with various modes of attack. If you want to improve your security, you have to understand what sort of attackers you're likely to face, what modes they're likely to employ, what vulnerabilities in your systems decrease their work factor, and what countermeasures you can use to increase it.
So the only answer to a general question like "is the OS or the administrator to blame?" is "yes".
-
-
-
Thursday 21st March 2013 22:10 GMT Crazy Operations Guy
Lately I've been getting:
The servers don't need patching, they are running Linux!
They continue to say that even after I report that postfix on the DB servers is spewing spam all over the place (we are a sendmail shop, so there is no reason for postfix to even be installed, let alone sending out mail to world+dog)
-
Thursday 21st March 2013 22:26 GMT Anonymous Coward
Yup...
It's a mindset I've seen many times, the: I run Linux/UNIX therefore it's secure/unhackable. It's a very dangerous mindset to get into because it ends up with complacency. I've also seen it as a storage/backup guy, although here it's along the lines of: I've got RAID and backups, I don't need to be careful with my system, we can recover it if anything goes wrong. That's usually shortly followed by the realisation that although all the files are backed up, the pre-backup script to prepare the server hasn't been run for a month and the person the alerts were sent to notify stopped working at the company a year ago.
My take is: Check your systems all the time, don't presume anything.
-
-
This topic is closed for new posts.
Biting the hand that feeds IT
