Last week Microsoft issued an advisory on a new vulnerability with the IIS FTP service. This vulnerability already has a published exploit and can result in allowing the attacker to execute unauthorized code on the target. Details of the vulnerability are available at the US-CERT website. If you have an anonymous account on your ftp server then you are especially at risk because no theft of credentials would be needed to execute this exploit.
To me the key to this issue is that a fix won’t be included in today’s Microsoft security patch release. There simply wasn’t enough time to identify, code and test the patch before it was released. Microsoft complained that the security researcher didn’t report the vulnerability responsibly. While this may be true, it certainly highlights the weakness of a desktop security plan that relies on patching and antivirus signatures. ( Read More… )
I am kicking off a monthly blog post that will wrap up some of the previous month’s top stories in endpoint security. This idea originally occurred to me when I thought about the life of an IT/security professional today. Teams that are not using application whitelisting need to respond to every single attack and vulnerability uniquely. This is the proverbial case of treating the symptoms instead of the disease. This monthly post will highlight many of the major “symptoms” that teams are struggling to deal with. Our take: deal with the disease.
Last month featured a number of interesting, if troubling stories, ranging from the largest credit card theft indictment in history, to using Twitter to control botnets. So without further ado, here are a selection of some of the top endpoint security stories for August 2009: ( Read More… )
I came across this post from John Pescatore today on his Gartner blog titled, “Twelve Word Tuesday: I’d Start Over Again on Desktop Security”, and I couldn’t agree more. The evidence of the failure of blacklisting anti-virus can be found everywhere.
John, makes a reference to the Government’s Cash for Clunkers program and I think the analogy is an appropriate one. There are many desktop security companies that are heavily invested in the way things are today. Their recurring revenue model is based on subscriptions to a bloated blacklist. Their security solutions work on a find and clean model and not a preventative model. The likelihood that they will “start over” on security is slim to none and more likely they will keep trying to add a fresh coat of paint, change the tires and oil and patch things together with new additions. The problem is the engine is broken and won’t last much longer. ( Read More… )