Symantec CTO on Flash Attacks
scubacuda writes "Robert Clyde, CTO of Symantec, recently warned an audience at the United Nations that there's an increasing gap between the speed at which attacks are being launched and the industry's ability to respond. Most attacks on Web sites are classified as Class III threats because they tend to take several hours/days to execute. Recently, however, Class II "Warhol attacks"--such as the SQL Slammer worm, which made itself famous in 15 minutes--have emerged. Before long, Clyde predicts that groups of well-funded hackers working in concert will be able to launch Class I "Flash attacks." To combat this, Clyde says that patches would need to be developed more quickly and deployed continuously in an automated mode. Admins would need better ways of locking down networks so an attack on one router is automatically recognized by all routers on the network; throttling back the throughput of suspicious packets on the network in order to limit damage; automating tools for ensuring that all network clients are compliant with security policies; and creating Web services technologies that do not interfere with application performance."
A synchronized DDoS attack, launched from already-owned machines and controlled by a central source, would be classified as a flash attack, I believe.
Whereas worms take some time to infect, and they "worm" their way from machine to machine, flash attacks happen suddenly, because the machines are already infected, just waiting for instructions.
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
Patches are not installed automatically via the Windows Update website, nor by 'automatic updating' in Windows ME/2K/XP. The user still has to accept the installation.
Side note: if you use Mozilla, download the autoscroll patch. When you middle-click to start the scrolling process, the Flash ads disappear. This is a very cool side-effect.
I feel fantastic, and I'm still alive.
The parent post is gratuitous plagiarism. See for yourself.
From Bruce Schneier's February 15 Crypto-Gram:
"But there's an interesting Microsoft twist. During the days of the attack, Microsoft tried to deflect any blame by claiming that they issued a patch for the vulnerability six months previously, and that the only affected companies were the ones who didn't keep their patches up to date. A couple of days later, news leaked that Microsoft's own network was hit pretty badly by the worm because they didn't patch their own network."
From the parent:
"There's an interesting Microsoft twist to the recent Sapphire Worm, aka SQL Slammer. During the days of the attack, Microsoft tried to deflect any blame by claiming that they issued a patch for the vulnerability six months previously, and that the only affected companies were the ones who didn't keep their patches up to date. A couple of days later, news leaked that Microsoft's own network was hit pretty badly by the worm because they didn't patch their own network."
From Crypto-Gram:
"For a couple of years now I've been saying that the idea that we can achieve network security by finding and patching vulnerabilities in the field is fatally flawed. I don't blame Microsoft sysadmins for not having their patches up to date -- no one does -- but I don't like the hypocrisy out of the company.
The SQL Slammer worm also reopened the full disclosure debate. Microsoft announced the vulnerability in July 2002, at the same time they released the patch. A few days later, David Litchfield published exploit code that demonstrated how the vulnerability could be used to break into systems. January's SQL Slammer worm used that exact code. Some point to that and say that Litchfield should not have released the code, while others correctly say that the code wasn't hard to write, and that the worm author could have easily written it himself.
An amusing, but irrelevant, incident: A week after the worm, I was invited to speak about it live on CNN. The program was eventually preempted by the Columbia tragedy, but not before the CNN producers invited Microsoft to appear on the segment with me. Microsoft's spokesman -- I don't know who -- said that the company was unwilling to appear on CNN with me. They were willing to appear before me, they were willing to appear after me, but they were not willing to appear with me. Seems that it is official Microsoft corporate policy not to be seen in public with Bruce Schneier."
From the parent:
"The idea that we can achieve network security by finding and patching vulnerabilities in the field is fatally flawed. I've been saying this for a couple of years now. I don't blame Microsoft sysadmins for not having their patches up to date -- no one does -- but I don't like the hypocrisy out of the company. The answer lies in software programmers creating secure code.
The SQL Slammer worm also reopened the full disclosure debate. Microsoft announced the vulnerability in July 2002, at the same time they released the patch. A few days later, David Litchfield published exploit code that demonstrated how the vulnerability could be used to break into systems. January's SQL Slammer worm used that exact code. Some point to that and say that Litchfield should not have released the code, while others correctly say that the code wasn't hard to write, and that the worm author could have easily written it himself.
An amusing, but irrelevant, incident: A week after the worm, I was invited to speak about it live on CNN. The program was eventually preempted by the Columbia tragedy, but not before the CNN producers invited Microsoft to appear on the segment with me. Microsoft's spokesman -- I don't know who -- said that the company was unwilling to appear on CNN with me. They were willing to appear before me, they were willing to appear after me, but they were not willing to appear with me."
Most of Clyde's story comes straight from the paper "How to Own the Internet in Your Spare Time". The difference is that the paper assumes every kid could apply the tricks it describes to optimise his worm, while Clyde is thinking along the lines of "well-funded teams of hackers sponsored by countries or other organizations", i.e. "Hollywood terrorists" with no real target but the Internet.
The paper mentions attacking from more than one point at once (for example by building a hitlist of vulnerable systems with big pipes and getting them first), but also mentions the multi-vector approach used by Nimda and some other tricks, as well as a way of predicting a worm's infection speed.
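The comment above refers to the paper's model for predicting infection speed, and the story summary turns on the "gap" between attack speed and response time. The following added example (not from the Slashdot story, the comments, or the paper's authors) works that logistic model through from the defender's side: given an assumed scan rate and vulnerable population, how long until 90% of hosts are infected, and how much that window shrinks when a hitlist pre-seeds the worm. All numbers are constructed; `ADDRESS_SPACE`, `growth_constant`, `time_to_fraction` and `response_window` are names chosen here.

```python
"""Logistic worm-propagation model (added example, not the paper's code).

Assumptions (constructed, labelled as such): a worm that scans random
32-bit addresses at `scan_rate` probes per second per infected host, with
`vulnerable` susceptible hosts in total. Under these assumptions the
infected fraction a(t) follows da/dt = K * a * (1 - a), where
K = scan_rate * vulnerable / 2**32. The point for a defender is the size
of the response window before saturation, not how to build such a worm.
"""
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 address space scanned uniformly at random


def growth_constant(scan_rate, vulnerable):
    """K: expected new infections per second caused by one infected host
    while almost nothing is infected yet."""
    return scan_rate * vulnerable / ADDRESS_SPACE


def logistic_fraction(t, K, T):
    """Infected fraction at time t for growth constant K and midpoint T
    (the time at which half the vulnerable hosts are infected).
    Computed in a numerically stable way for large |K*(t-T)|."""
    x = K * (t - T)
    if x >= 0:
        return 1.0 / (1.0 + math.exp(-x))
    ex = math.exp(x)
    return ex / (1.0 + ex)


def time_to_fraction(target, K, initial_fraction):
    """Seconds until `target` of the vulnerable hosts are infected, given
    that `initial_fraction` were infected at t = 0 (0 < both < 1).
    Solving the logistic curve for its midpoint gives
    T = -ln(a0 / (1 - a0)) / K, then t = T + ln(target / (1 - target)) / K."""
    T = -math.log(initial_fraction / (1.0 - initial_fraction)) / K
    return T + math.log(target / (1.0 - target)) / K


def response_window(scan_rate, vulnerable, seeds, target=0.9):
    """(K, seconds) until `target` infection, starting from `seeds`
    hosts already compromised (a hitlist or pre-owned machines).
    If every vulnerable host is pre-owned there is no window at all."""
    if seeds >= vulnerable:
        return growth_constant(scan_rate, vulnerable), 0.0
    K = growth_constant(scan_rate, vulnerable)
    return K, time_to_fraction(target, K, seeds / vulnerable)


if __name__ == "__main__":
    # Constructed Slammer-like parameters: 75,000 vulnerable hosts, 4,000 scans/s.
    for seeds in (1, 10_000, 75_000):
        K, secs = response_window(4_000, 75_000, seeds)
        print(f"seeds={seeds:>6}  K={K:.4f}/s  90% infected after {secs:6.1f} s")
```

With a single initial host the model gives roughly three minutes to 90% infection; pre-seeding 10,000 hosts cuts that to about a minute, and a fully pre-owned population (the "flash attack" case in the comments above) leaves no window, which is the argument for the automated response Clyde describes.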