Posts Tagged ‘hype’

Millennium Falcon crash and burn

Tuesday, January 5th, 2010

Ironically, we seem to be seeing more date-related issues this month than we did at the start of the noughties, unless The Register is making this all up, which doesn’t seem likely.

http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/
http://www.theregister.co.uk/2010/01/04/bank_queensland/
http://www.theregister.co.uk/2010/01/05/symantec_y2k10_bug/
http://www.spamresource.com/2010/01/spamassassin-2010-bug.html

[And this one:
http://www.msnbc.msn.com/id/34706092/ns/technology_and_science-security/?ocid=twitter]

It’s not really surprising: this is a more-or-less accidental cluster of somewhat similar bugs, as far as I can see. It’s certainly not an industry-wide issue that was foreseen years in advance and therefore attracted serious proactive research and remediation.

In fact, if there’s a lesson here, it’s one for the people who dismiss the entire Y2K remediation issue as hype and wasted resources. Well, there was a great deal of hype around at that time (did anyone actually see a Y2K virus?), and a number of consultants made money out of advising IT people on the ground to do what they were already doing.

However, given the (short-term) impact of this handful of unanticipated (but fairly easily fixed) bugs, I think it’s reasonable to assume that if system administrators and support technicians all over the globe hadn’t done that proactive remediative work, the first weeks of the new millennium would have been a lot more dramatic.

Like Ross Anderson (http://www.cl.cam.ac.uk/~rja14/Papers/y2k.pdf), I doubt if the sky would have fallen, but some of the consequent issues would have been harder and more expensive to fix reactively.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com

iPhone worm hits Jailbroken phones

Tuesday, November 10th, 2009

By now the media machine has moved into action and all sorts of nonsense has been spouted about the creation of a worm that spreads on jailbroken iPhones, written by a guy called ‘ikee’. The facts are these:

  1. It ONLY affects jailbroken phones – if your iPhone is not jailbroken then you are not vulnerable.
  2. It ONLY affects jailbroken phones that have OpenSSH installed (this involves you having consciously installed OpenSSH).
  3. If you have changed the default passwords for the ‘root’ and ‘mobile’ accounts subsequent to installation, you will not be vulnerable to this worm.

It’s tempting to say ‘I told you so’ on this one, as I actually did state this fact 2 days before the worm was released. On a panel at the AVAR2009 Conference discussing vendor future strategy, someone brought up the idea that the iPhone will be a desirable platform for exploitation. This is true, but as I pointed out, the biggest risk is not so much to users who are using the default OS provided by Apple, because they are in a strictly controlled environment, with Apple as the benevolent dictator, as it is to those users who have jailbroken phones, at which point – you’re on your own.

The whole thing does highlight the potential, though: there’s no reason why any platform is automagically protected from malware, so it’s no real surprise to anyone that this sort of thing has happened. David Harley (among others) has written more on this subject here, and as always, it’s worth reading.

Andrew Lee CISSP
AVIEN CEO