Thursday, November 23, 2006

Video: The New Attack Frontier

NOVEMBER 21, 2006 Careful playing that video file: It could be infected. Researchers say video files are becoming the new mode of transportation for malware.

There's been a recent increase in proof-of-concept code for embedding malware in Windows Media and RealMedia files, for instance. The first known exploit using such a technique was spotted last week by McAfee; it was a worm aimed at Real Networks' RealPlayer and RealMedia files. Although the so-called W32/Realor.worm is considered a low-risk exploit, it opened the door for similar attacks via video players, security experts say.

Video is the new frontier for attackers. "This is one of the top attack vectors you should be concerned about. The potential [damage] is pretty massive," says Mark Zielinski, security engineer for Arbor Networks' Security Engineering and Response Team.

The Realor worm basically uses an infected hyperlink in a video file, and to do its dirty work it requires that a user click the poison link.

Attackers used to stick malware executables in an email attachment, but those typically get stopped at the email gateway, so attackers have resorted to using known applications as a way to deliver their malicious code.

These types of attacks aren't limited to video files. Zielinski says there's been an increasing number of vulnerabilities being published in Word, PowerPoint, and Real Networks' RealPlayer. "This kind of attack exists in any format where an application is willing to render an image."

If one of these attacks makes it successfully into the corporate network, it typically sets up a backdoor, so the victimized computer sends a connection back to the attacker, and the hacker doesn't have to initiate the connection, Zielinski says, and it can get by the firewall. It would be a popular method for a targeted attack, he says.

At the heart of the problem is the fact that video and audio formats -- as well as "workshare" apps like Word and PowerPoint -- contain multiple, complex features that leave them prone to attack, says Dimitri Alperovitch, principal research scientist with Secure Computing. "Those are files piquing the interest of virus writers... At the beginning of this year, we saw an increase in worms targeting Microsoft Office."

"As these applications become more and more bloated with features, this threat will continue to rise," he says, as well as with those video players that automatically load an embedded link in a video file when you open a video file.

"Old video files were just sets of frames you could view and create video applications [with]," he says. "Now you can insert all kinds of things into a video file: information about it, external links, etc. That presents more possibilities for exploitation."

YouTube is a prime candidate for attack, as well as other multimedia sites. Arbor's Zielinski says all it would take is an attacker downloading a video from YouTube, injecting his exploit, and re-uploading it, and then anyone who viewed it would get infected. "If there were 20,000 people viewing a popular video, they would get [infected]."

How do you protect yourself from a video attack? Aside from running the usual antivirus and host-based IPS tools, you should trust no outside sources.

"Be careful which documents you open," says Secure Computing's Alperovitch. "Nowadays, you can't trust any sort of data file you get from someone you don't know."

— Kelly Jackson Higgins, Senior Editor, Dark Reading



MS SQL Server 2005 - 1 year

The Microsoft SQL Server 2005 product celebrated its first anniversary in November.
 

The New Official (ISC)2 Guide to the CISSP CBK has been released

From CCCure.org:

Here it is at last. The latest version of the Official ISC2 Guide to the
CISSP CBK has been released. The first version has some issues with typos
and repetition; this one has greatly improved overall.

This book was published under the supervision of Hal Tipton who is really
THE master of the CISSP certification. Hal has published dozens of books in
the past and he's a great editor.

This is the most updated material that you can get in preparation for the
exam.

See the details below:

Official (ISC)2 Guide to the CISSP CBK
Harold F. Tipton, HFT Associates, Villa Park, California, USA
Kevin Henry, (ISC)2 Institute, North Gower, Ontario, Canada
Series: (ISC)2 Press
List Price: $69.95
Cat. #: AU8231
ISBN: 0849382319
Publication Date: 11/14/2006
Number of Pages: 1112
Availability: In Stock/Available NOW!

Provides detailed security analysis that is compiled and reviewed by CISSPs and (ISC)2 members.
Delivers a thorough analysis of all ten CISSP CBK topics.
Provides guidance for students towards a professional certification that is a true career differentiator.
Contains a total of 200 CISSP exam sample questions.

The urgency for a global standard of excellence for those who protect the
networked world has never been greater. (ISC)2 created the information
security industry's first and only CBK®, a global compendium of information
security topics. Continually updated to incorporate rapidly changing
technologies and threats, the CBK continues to serve as the basis for
(ISC)2's education and certification programs.

Written as an authoritative reference, the Official (ISC)2® Guide to the
CISSP® CBK® provides a better understanding of the CISSP CBK - a collection
of topics relevant to information security professionals around the world.
Although the book still contains the ten domains of the CISSP, some of the
domain titles have been revised to reflect changing terminology and emphasis
in the security professional's day-to-day environment. The ten domains
include: information security and risk management, access control,
cryptography, physical (environmental) security, security architecture and
design, business continuity (BCP) and disaster recovery planning (DRP),
telecommunications and network security, application security, operations
security, legal, regulations, and compliance and investigations.

Endorsed by the (ISC)2, this valuable resource follows the newly revised
CISSP CBK, providing reliable, current, and thorough information. Moreover,
the Official (ISC)2® Guide to the CISSP® CBK® helps information security
professionals gain awareness of the requirements of their profession and
acquire knowledge validated by the CISSP certification.

Get HERE to get more details or your own copy directly from the publisher
<http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=AU8231&parent_id=&pc=&af=W1142>

or visit:
http://www.crcpress.com/shopping_cart/products/product_detail.asp?sku=AU8231&parent_id=&pc=&af=W1142

Wednesday, November 22, 2006

Tutorial - CCCure

CCCure First Flash Based Tutorial has been released

Good day to all,

I am proud to announce the release of our first flash based tutorial. This is the first in a series of tutorials Nathalie and I are producing. Eventually we will have one for each of the ten domains of the CISSP.

This tutorial gives you a very thorough view of what the CISSP exam consists of, what are the requirements, how you prepare for the exam, what are the resources available, and other tips that will allow you to pass the exam on the first attempt.

This tutorial attempts to present in a single session what many others have tried within short and inadequate presentations. Most seminars and live classes will only spend 10 to 15 minutes on this subject, leaving the student misinformed.

You can access the tutorial at:

http://www.cccure.org/modules.php?name=Downloads&d_op=viewdownload&cid=92

CHRISTMAS SPECIAL

I would also like to mention that CCCure.Org is offering some great specials on some of the items we have for sale within our webstore. Some of these specials can save you hundreds of dollars on the regular price. Visit http://www.cccure.org and you will see the specials being offered at the top left of the main page. Those specials will run until the 24th of December.

Best regards

Clement and Nathalie

Friday, November 17, 2006

E-mail security

Excellent content on e-mail security. Go to http://go.techtarget.com/r/747612/3191059.
 
 

How To Protect Your Mobile Data

See this article on protecting data on mobile devices:
 
 
 

Tuesday, November 14, 2006

Microsoft offers public beta of desktop antivirus client

By Robert McMillan, for IDG Now!*

 
 

Monday, November 13, 2006

ISACA Webcasts

ISACA has very interesting webcasts, which also provide CPE credits.
 
 

ITIL and COBIT Groups - PR

Today we resumed the discussions in the ITIL and COBIT groups of Paraná.
 
I hope that this time we don't stay idle for so long...

Friday, November 10, 2006

Data Center Journal

Tip: see information about data centers at http://www.datacenterjournal.com/index.asp
 

Does Windows Vista need antivirus?

New version of the Cartilha de Segurança available free on the Internet

Módulo Security News - 03 Nov 2006
 
CERT.br (Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança no Brasil) offers a download of the new version of its Cartilha de Segurança. The free file, in PDF format, can be viewed with a program such as Adobe Reader on the Web.
 

Thursday, November 9, 2006

NIST Releases Special Publication 800-100

NIST is pleased to announce the release of Special Publication 800-100, Information Security Handbook: A Guide for Managers. This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program.

URL to this Special Publication:
http://csrc.nist.gov/publications/nistpubs/#sp800-100

Friday, November 3, 2006

IT Control Objectives for Sarbanes-Oxley - 2nd Edition

ISACA has released the second edition of the document IT Control Objectives for Sarbanes-Oxley, very useful for anyone working on the topic.

Access it at: ISACA: www.isaca.org/sox