New attack tactic sidesteps Windows security software – Computerworld

A just-published attack tactic that bypasses the security protections of most current antivirus software is a “very serious” problem, an executive at one unaffected company said today.

Last Wednesday, researchers at Matousec.com outlined how attackers could exploit the kernel driver hooks that most security software uses to reroute Windows system calls through their software to check for potential malicious code before it’s able to execute.

Calling the technique an “argument-switch attack,” a Matousec-written paper spelled out in relatively specific terms how an attacker could swap out benign code for malicious code between the moments when the security software issues a green light and the code actually executes.

“This is definitely very serious,” said Alfred Huger, vice president of engineering at Immunet, a Palo Alto, Calif.-based antivirus company. “Probably any security product running on Windows XP can be exploited this way.” Huger added that Immunet’s desktop client is not vulnerable to the argument-switch attacks because the company’s software uses a different method to hook into the Windows kernel.

According to Matousec, nearly three-dozen Windows desktop security titles, including ones from Symantec, McAfee, Trend Micro, BitDefender, Sophos and others, can be exploited using the argument-switch tactic. Matousec said it had tested the technique on Windows XP SP3 and Vista SP1 on 32-bit machines.

via New attack tactic sidesteps Windows security software – Computerworld.
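
The check-then-use gap described in the excerpt above, as an added example: a simplified single-process C model, not Matousec's code or any vendor's driver. Every function name, the path policy and the sample paths are constructed for illustration, and the rewrite that a second thread would perform is forced deterministically between the check and the use. It contrasts a hook that re-reads the caller's buffer with one that checks and uses a single private copy.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64
static char acted_on[BUF_LEN];            /* what the "original service" finally used */

/* Constructed policy: only paths under this prefix are allowed. */
static int policy_allows(const char *p) { return strncmp(p, "C:\\Users\\", 9) == 0; }

/* Stand-in for the original system service that runs after the hook approves. */
static void original_service(const char *p) { snprintf(acted_on, BUF_LEN, "%s", p); }

/* Models a second thread of the caller rewriting its own buffer after the check. */
static void switch_argument(char *caller_buf) {
    snprintf(caller_buf, BUF_LEN, "%s", "C:\\Windows\\blocked.sys");
}

/* Check-then-use on caller-owned memory: the value checked is not the value used. */
const char *hook_check_then_use(char *caller_buf) {
    acted_on[0] = '\0';
    if (!policy_allows(caller_buf)) return acted_on;   /* denied: nothing acted on */
    switch_argument(caller_buf);          /* race window, forced open here */
    original_service(caller_buf);         /* second read of caller memory */
    return acted_on;
}

/* Capture once: the check and the use both see the same private snapshot. */
const char *hook_capture_once(char *caller_buf) {
    char snap[BUF_LEN];
    acted_on[0] = '\0';
    snprintf(snap, BUF_LEN, "%s", caller_buf);
    if (!policy_allows(snap)) return acted_on;
    switch_argument(caller_buf);          /* same interference, now harmless */
    original_service(snap);
    return acted_on;
}

int main(void) {
    char a[BUF_LEN] = "C:\\Users\\alice\\report.txt";   /* constructed sample input */
    char b[BUF_LEN] = "C:\\Users\\alice\\report.txt";
    printf("check-then-use acted on: %s\n", hook_check_then_use(a));
    printf("capture-once   acted on: %s\n", hook_capture_once(b));
    return 0;
}
```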

Google CEO: We're now paranoid about security | Relevant Results – CNET News

Google learned some hard security lessons after it was attacked late last year by hackers, CEO Eric Schmidt said Monday.

“Google is now particularly paranoid about that,” Schmidt said during a question-and-answer session following Google's Atmosphere 2010 conference before about 400 CIOs. After the company learned that some of its intellectual property was stolen during an attack that originated from inside China, it began locking down its systems to a greater degree and accelerated plans to move to Web-based systems like Chrome OS netbooks.

The attacks took advantage of a flaw in Internet Explorer 6 that was quickly patched, although the damage had been done. More than 30 U.S. companies were believed to be targeted by the attacks, but Google was one of the few that publicly identified itself as a victim because “we decided we had to tell people as a warning,” Schmidt said.

via Google CEO: We're now paranoid about security | Relevant Results – CNET News.

What can Companies do to Protect their IP and Data from a Google-like Cyber Attack

Google recently released information about a targeted attack on their corporate infrastructure that occurred in December. The attack came from China and, according to Google, resulted in the “theft of intellectual property from Google.” Apparently they were not the only company that was under cyber attack. At least 20 other corporations were hit, including a law firm that was suing China.

via JD Supra: Legal Articles – What can Companies do to Protect their IP and Data from a Google-like Cyber Attack.

Cyber Attacks – A new approach to China | Official Google Blog

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

via Official Google Blog: A new approach to China.