Slashdot Mirror
Security Industry Faces Attacks It Can't Stop
itwbennett writes "The takedown of the Mariposa botnet and so-called advanced persistent threat attacks, such as the one that compromised Google systems in early December, were hot topics at the RSA conference last week. What both Mariposa and the Google attacks illustrate, and what went largely unsaid at RSA, was that the security industry has failed to protect paying customers from some of today's most pernicious threats, writes Robert McMillan. Traditional security products are simply not much help, said Alex Stamos, a partner with Isec Partners, one of the companies investigating the APT attacks. 'All of the victims we've worked with had perfectly installed antivirus,' he said. 'They all had intrusion detection systems and several had Web proxies scan content.'"
The dark side of computer "security" pays far better than the good side. I was contracted to setup a number of servers for a company, and as it turned out, they were part of this "dark side." I told them I had an ethical conflict, and decided to remove myself from the situation about 2 hours into it.
The problem is, other than the coders and the boss, many people do not know they are working for these companies. This particular company had about 15 people. 3 were in the know, the other 12 were support for shipping, gathering information, making contacts, and advertising, etc. When dealing with spyware/malware, there is a lot of butt covering, and evasion.
The programmers in particular were amazing coders, some of the best that graduated at the same university I went to. This is how I got contacted to help. Only after we started talking did I realize what they were all about. The pay was almost double what they would have made at a legitimate company.
e (damn /. and its short subject field).
Our state CISO was fired when he got back from the conference because he spoke about a hacking incident to the state's DOT site which allows one to schedule driver's exams. Apparently, it was initially presumed the attack came from Russia but was later found to have come from Philadelphia where a driving school had exploited a vulnerability in the web site to schedule more driving tests than there were allotted slots.
By exploiting this vulnerability, the driving school was able to close all available slots EXCEPT for the school so everyone else had to wait up to 6 weeks to schedule a test.
He was a scheduled presenter with over 24 years in IT in both the public and private sector. He was recognized, according to the RSA schedule, as "one of the most high-profile experts in the field of securing the data of American citizens today."
As you read the comments after the article, it's clear that some folks with knowledge of the subject insist he went out of bounds on the subject while others consider what he did to be a normal part of the IT security process.
I'm only posting this as it does relate to the overall RSA conference. Note that the web site indicated will probably prevent reading the article after a certain time has passed so read it now. In addition, here are two other sites which talk about the firing:
Site one
Site two
Further, here is an article which talks to the firee after he became the state's first CISO and what he had to contend with.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
you don't need to click any more. Most of the malware I'm cleaning up these days is delivered via Flash, and distributed by advertisement servers that have been hacked. All you have to do is visit a site that gets paid to serve random ads, and you can get infected.
Not automatic, but whitelisting security systems like that exist. Core Force is the one I know of. It has some sort of system for sharing whitelists for specific applications among users.
Centralization breaks the internet.