Symantec CTO on Flash Attacks
scubacuda writes "Robert Clyde, CTO of Symantec, recently warned an audience at the United Nations that there's an increasing gap between the speed at which attacks are being launched and the industry's ability to respond. Most attacks on Web sites are classified as Class III threats because they tend to take several hours/days to execute. Recently, however, Class II "Warhol attacks"--such as the SQL Slammer worm that make themselves famous in 15 minutes--have emerged. Before long, Clyde predicts that groups of well-funded hackers working in concert will be able to launch Class I "Flash attacks." To combat this, Clyde says that patches would need to be developed more quickly and deployed continuously in an automated mode. Admins would need better ways of locking down networks so an attack on one router is automatically recognized by all routers on the network; throttling back the throughput of suspicious packets on the network in order to limit damage; automating tools for ensuring that all network clients are compliant with security policies; and creating Web services technologies that do not interfere with application performance."
I thought that already was happening every time I go to a site with flash banners. Flash Attack. Yes, that name fits quite nicely.
And Symantec has just the product to sort all this out?
Alex
How about launching that money into developing more attack-resistant public network structure? Or working on improvements in server software?
I'm feeling uncomfortable with execs trying to stir up public funding for their non-public industry.
You mean like Windows Update?
No, no, no. We're talking about something that helps to fix the problem.
It seems to me that's exactly what they're doing.
No, not making the worm, but going to address the UN about these three classes of attacks. Who came up with these classes and the names? I would be surprised to find out it was anyone other than Symantec; I've never heard of them before.
In particular this supposed "Class I flash attack" which sounds right out of your favorite Cold War B-movie, Clyde is warning of well-funded squads of uber hackers funded by national agencies. He is just pandering towards current international paranoia regarding terrorism.
It's even better than creating the attacks themselves (since you run the risk of getting caught), creating attackers that don't even exist! (yet?)
Speculation and cyber fantasy aside, everyone who lets loose worms or viruses to my knowledge generally turns out to be people with no backing and no real agenda. Has there ever been evidence of international players being caught with their hand in the cookie jar funding any kind of worm or virus or DDoS attack?
And really, if you were to effectively prevent this kind of attack by deploying systems widely, wouldn't these super hackers simply launch an attack when they had found an effective way around these measures?
I think it's more likely that frequent update systems would keep out the lowest common denominator attacks, script kiddies and common worms.
Don't get me wrong, I think there are big issues with how software comes configured and how security holes are dealt with, and I think it is for the good of the internet as a whole organism that these be addressed, and one of them may very well be very quick automated updating of network-facing software.
But it pisses me off to see someone from what I would consider a shady industry (virus protection) addressing people at the UN about these future terrorist hacker squads or whatever, essentially fear mongering to sell software. All on the backs of a great tragedy that had nothing to do with any of this.
"It will not be long before well-funded teams of hackers sponsored by countries or other organizations begin to create Flash attacks that can be launched in seconds,"