Slashdot Mirror


Symantec CTO on Flash Attacks

scubacuda writes "Robert Clyde, CTO of Symantec, recently warned an audience at the United Nations that there's an increasing gap between the speed at which attacks are being launched and the industry's ability to respond. Most attacks on Web sites are classified as Class III threats because they tend to take several hours/days to execute. Recently, however, Class II "Warhol attacks"--such as the SQL Slammer worm, which made itself famous in 15 minutes--have emerged. Before long, Clyde predicts that groups of well-funded hackers working in concert will be able to launch Class I "Flash attacks." To combat this, Clyde says that patches would need to be developed more quickly and deployed continuously in an automated mode. Admins would need better ways of locking down networks so an attack on one router is automatically recognized by all routers on the network; throttling back the throughput of suspicious packets on the network in order to limit damage; automating tools for ensuring that all network clients are compliant with security policies; and creating Web services technologies that do not interfere with application performance."

5 of 179 comments

  1. Network structure server software by behemot · Score: 5, Insightful

    How about launching that money into developing more attack-resistant public network structure? Or working on improvements in server software?

    I'm feeling uncomfortable with execs trying to stir up public funding for their non-public industry.

  2. Symantec and its dirty tricks by ebuck · Score: 4, Insightful

    Symantec has a long history of trying (and sometimes succeeding) to create panic in the realm of computer security.

    Usually it is accompanied by a round of advertisement telling you how (through the use of their products) you can protect yourself.

    I am all for computer security, and no doubt there are many pitfalls yet to come, but staffing enough programmers to instantly respond to what they term a "flash attack" would make Microsoft look like small potatoes. I guess during all of that free time between attacks they can rewrite MSxxx to close those bugs MS can't get around to (in six years or more).

    On the other hand, look for rising stock prices as Macromedia sues Semantic for defamation and misuse of their branded media player.

  3. or... by davidu · Score: 4, Insightful

    or, we could just do a better job of:
    • segmenting our networks.
    • filtering egress traffic.
    • filtering unwanted ingress traffic upstream.
    • diversifying network hardware. (many routers fell over during SQL slammer because of packet characteristics, not because they were vulnerable to a MSSQL worm)

    Basically, admins need to start taking some more responsibility and encouraging their employers to start supporting their proactive, yet defensive efforts.

    But that's just me...maybe people do want more 'windows update'-like systems so they can get back to their game of tetris.
    -davidu
    --

    # Hack the planet, it's important.

  4. "Flash Attacks" from Well Funded Hackers? by KrispyKringle · Score: 4, Insightful
    "Clyde predicts that groups of well-funded hackers working in concert will be able to launch Class I 'Flash attacks.' "

    I'm not sure I see how this necessarily follows. Certainly it is possible, and part of security is taking into account what can be done, but I don't know how you would assume it at all likely. If I had to name the biggest security threat right now (in my humble opinion, that is) I'd be far less concerned about groups of well-funded hackers (funded by who? Terrorists? Saddam? Commie subversives?) than I would about DDoS attacks launched by some bored teen-ager (something a little more television should cure, at any rate).

    DDoS attacks are very difficult to stop so long as plenty of unsecured home computers are available on broadband connections. All the host-based security in the world by the victim is virtually useless if he hasn't the bandwidth to resist the attack.

    Meanwhile, where are these groups of well-funded attackers, and what motivation have they? DDoS attacks are individual events; they do not propagate themselves across the internet the way SQL Slammer did. Each is of course its own sort of risk, and the effects of worms such as Slammer are similar, creating DoS attacks by attempting to propagate so fast. But I just don't see what connection more and more aggressive worms have with groups of organized, well funded hackers acting for international terrorists or the like (a concern repeatedly brought up by the US Cybersecurity Czar). This sounds, in some respects, like Clyde is reiterating the same refrain, a refrain which calls for harsher crackdowns and beefing up target security when we should be holding companies with insecure code (such as MSSQL) responsible and encouraging software companies and users to beef up security not only on servers but on PCs, as well.

    In regards to how much real-world damage a cyberattack can create, this is a matter of much dispute, and it seems highly unlikely that terrorist organizations will resort to such moves rather than traditional, far more terrifying and effective acts of random violence. Still, I am pleased that some interest is being taken in cybersecurity; I just hope the focus is in the right place.

  5. The real point about Slammer by lseltzer · Score: 4, Insightful
    >> Class II "Warhol attacks"--such as the SQL Slammer worm that make themselves famous in 15 minutes--have emerged. ... To combat this, Clyde says that patches would need to be developed more quickly and deployed continuously in an automated mode.

    Of course, Slammer had been patched 6 months prior. So a big part of this problem is that people don't apply patches.