Current Affairs

Being Pro-Active Against the "0-Day" Threat

by Paul Asadoorian on January 21, 2010

Recent investigations into the Google "Aurora" incident uncovered evidence that Chinese attackers used a 0-day exploit for Internet Explorer to gain access to Google employees’ computer systems. This event has sparked the release of Microsoft Security Bulletin MS10-002 - Critical, and a public exploit for the vulnerability. To mitigate this vulnerability, Microsoft originally recommended that customers upgrade to Internet Explorer 8 and enable DEP (Data Execution Prevention). On January 21, 2010, Microsoft released an "out-of-band" patch for the vulnerability, which fixes the problem on Internet Explorer versions 6, 7 and 8. Methods exist to reliably exploit Internet Explorer versions 6 & 7, and there are several people who have working exploits for IE version 8, including Dino Dai Zovi, a well-respected vulnerability researcher. (A concise list of the details surrounding this issue can be found in this article).

Being Proactive

Many organizations are likely to implement the patch released by Microsoft since the issue has been receiving a lot of media attention. Patching because of a media event is an all-too-common mistake made by many organizations that cannot be convinced to implement new security measures until exploits make the news. Patching systems needs to be part of an organization’s overall strategy – not just a reaction to a media event. When new technologies become available as upgrades to your existing systems, put a plan in place to test and migrate to them, especially if they offer increased security. The organizations doing this today are looking at the latest exploit and implementing their patch strategy as part of the standard operating procedure.

Airport Security: Don't Make The Same Mistakes

by Paul Asadoorian on January 7, 2010

Airport "Security"

Those of us who travel through any U.S. airport are used to the inconvenience of airport security - the long lines, metal detectors, having to take off your shoes, belts, earrings, and of course the ominous "liquids and gels" inspection. While most people accept these inconveniences as an unfortunate necessity, much of what has been implemented shares some of the common pitfalls found in many computer and network security programs. Using the U.S. airport security model as an example, let’s take a look at some of the security being implemented and relate it to security gone wrong in the enterprise:

  • Throwing Technology at the Problem - Airports are equipped with some of the latest technology to provide security, such as full body scanners and x-ray machines, yet breaches still happen. Most of us who have served in a security role in an organization are all too familiar with this problem. The typical knee-jerk reaction from management to a security problem is to buy a product, such as a firewall, and install it on the network. Technology is important, but the process and people that surround it are what really makes it work. Training people to administer the firewall, and other security measures, to ensure they are being used properly is the key to success. Policy also needs to exist and be enforced, allowing businesses to operate securely.

Image: The dreaded long lines at airport security are a by-product of the current security model at U.S. airports.

20/20 Hindsight – Walmart Lessons Learned for Tenable Customers

by Ron Gula on October 23, 2009

Wired magazine recently ran an excellent story detailing how Walmart suffered a deep intrusion. The story provides many examples of cliché security lapses such as not disabling a remote VPN account for a former Walmart worker. This blog entry describes how customers using Tenable Unified Security Monitoring solutions can learn from these mistakes and get more value out of their investment with Tenable.