Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cache Servers Keeping Exploit Code Alive

Posted by ryuzaki0 on from the night-of-the-living-exploit dept.

1960's architecture writes, "At last some evidence that exploit code is hiding on servers used to cache website content. According to Techworld, Israeli outfit Finjan has come up with evidence that real exploits have hidden on cache servers used by large search engines, effectively extending their life for periods of weeks after the original website had been taken down. The exploits detailed are from 2003-2004, but the principle would still apply to any exploit website around today, and any cache servers used by any one of the three unnamed search engines. It's almost literally malware 'life after death.'"

6 of 68 comments (clear)

  1. So let me get this straight by A+beautiful+mind · · Score: 2, Insightful

    The brilliant study says: "content available as cache, even after the original source is not there, for some time"?

    Bravo! Bravo! Revolutionary thought!

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  2. How about fixing the problem instead? by jZnat · · Score: 3, Insightful

    How about fixing the problem that's exploited rather than try to hide the problem's existence in the first place?

    --
    'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
  3. Security through censorship. Wonderful. by Kadin2048 · · Score: 5, Insightful

    Exactly. The people behind this "discovery" seem to think that the best way to combat security holes is to go after the exploit demonstration code, rather than, say, actually fixing the problem.

    That's what's really frightening; that there are exploits that have been in the wild and in the hands of the black hats for three years, which still have not been patched.

    Those "exploit sites" are not the enemy here. If anything, they're a powerful tool that lets the 'good guys' be on equal footing, or near equal footing, with the bad guys, who are probably trading exploits around in IRC channels regardless of whether they're on the WWW or cached or not.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  4. Easy solution for future exploits by The+Clockwork+Troll · · Score: 2, Insightful
    <META NAME="ROBOTS" CONTENT="NOARCHIVE">
    <META NAME="msnbot" CONTENT="noarchive">

    Done.

    --

    There are no karma whores, only moderation johns
  5. It's kinda like Polio and Malaria... by Goldenhawk · · Score: 4, Insightful

    This article has (here on /.) already raised the question "Why can't we stamp out the viral code from archives?" Well, let's take a lesson here from biology.

    The human race took two different solutions to polio and malaria. (I'm not a doctor, so forgive any minor inaccuracies.)

    With malaria, we took the "stamp out the viral archive" approach. We tried to kill the carriers - the mosquitos. If we can eliminate all the mosquitos that carry the infection (like eliminating old internet caches), nobody will have to worry about getting infected. Well, guess what - it didn't work. Malaria is a HUGE problem in many third-world countries, routinely killing a million Africans a year and costing $12 BILLION annually in Africa alone (see last week's WashPost Magazine article for details; registration required: http://www.washingtonpost.com/wp-dyn/content/artic le/2006/10/04/AR2006100400127.html). The problem? You simply can't squash all the bugs. Only recently has attention turned to developing an artificial method of immunity from the disease, so that the bugs won't matter (at least, from that perspective).

    With polio, we took the approach that preventing infection was the key. We innoculated EVERYONE, so that even if the virus surfaced, it wouldn't cause infections. It's proven to be a largely effective solution, with only a few periodic pockets of infection occurring in remote parts of Africa where the youngest are not innoculated afresh. And that problem is fairly easy to control.

    Same thing here. Forget the archives. That's naive. Instead, focus on better immunity.

    --
    --Brandon / Split Infinity Music

  6. Re:Yes, and so what? Haven't you patched?! by Anonymous Coward · · Score: 2, Insightful

    Here's a long-view perspective though. In my research (chemistry) I use a 486 almost daily. The computer is infected with an old innocuous boot-sector virus, and I simply don't remember enough DOS/486 era stuff to put on a proper antivirus solution without seriously diverting my research in the short term. Luckily, my modern-era computer is solid vs. this old school virus - this is the other reason I haven't bothered fixing the old one. If this were a nastier virus, and my AV protection didn't go back far enough, I'd be in trouble. I think this scenario is where the problem lies (now and in the future) - how retroactive do we need to be with AV? In 20 years, it's conceivable to me that malware writers will start focusing on more esoteric classes of victims (such as science laboratory Win 98/NT/XP computers - they're generally networked on fast connections, unmonitored for long periods of time, and likely to be mentally written off as "not my responsibility", especially re: hardening vs. decades old attacks).

    In summary, security-through-obsolescence is as big a fallacy as security-through-obscurity, and the article point out that just because the tech is obsolete doesn't mean the cracks will be...