Thursday, July 28, 2005
During my holiday in France a journalist of the Belgian newspaper L'Echo interviewed me concerning the general virus problem. You can find more at my press page which you can find at www.anti-malware.info/press.htm . Even during my vacation I'm always seems to work ... and oh yes for the people who are trying to catch me via my mobile phone don't worry if you hear a redirection message on my phone. This is normal as I just switched to another phone number. However my old number remains with me .. possibly for ever. Please take pen and paper to note down my new number the next time you call me!
Cisco router worms?
The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers--a problem that he said could bring the Internet to its knees.
The legal moves came Wednesday afternoon, only hours after Lynn gave the talk at the Black Hat security conference here. Lynn told the audience that he had quit his job as a researcher at ISS to deliver the presentation, after ISS had decided to pull the session. Notes on the vulnerability and the talk, "The Holy Grail: Cisco IOS Shellcode and Remote Execution," were removed from the conference proceedings, leaving a gap in the thick book.
Lynn outlined how to run attack code on Cisco's Internetwork Operating System by exploiting a known security flaw in IOS. The software runs on Cisco routers, which make up the infrastructure of the Internet. A widespread attack could badly hurt the Internet, he said.
The actual flaw he exploited for his attack was reported to Cisco and has been fixed in recent releases of IOS, experts attending Black Hat said.
Following his presentation, Lynn displayed his resume to the audience and announced he was looking for a job. Lynn was not available for comment. Representatives of the Black Hat organization said the researcher was meeting with lawyers.
Update, update and update that's still the old story, because if you update you will not get this sort of attack but of course you're maybe more vulnerable to another one .... pffff It's getting boring isn't it?
The legal moves came Wednesday afternoon, only hours after Lynn gave the talk at the Black Hat security conference here. Lynn told the audience that he had quit his job as a researcher at ISS to deliver the presentation, after ISS had decided to pull the session. Notes on the vulnerability and the talk, "The Holy Grail: Cisco IOS Shellcode and Remote Execution," were removed from the conference proceedings, leaving a gap in the thick book.
Lynn outlined how to run attack code on Cisco's Internetwork Operating System by exploiting a known security flaw in IOS. The software runs on Cisco routers, which make up the infrastructure of the Internet. A widespread attack could badly hurt the Internet, he said.
The actual flaw he exploited for his attack was reported to Cisco and has been fixed in recent releases of IOS, experts attending Black Hat said.
Following his presentation, Lynn displayed his resume to the audience and announced he was looking for a job. Lynn was not available for comment. Representatives of the Black Hat organization said the researcher was meeting with lawyers.
Update, update and update that's still the old story, because if you update you will not get this sort of attack but of course you're maybe more vulnerable to another one .... pffff It's getting boring isn't it?
Monday, July 25, 2005
Anti-Spyware Coalition
At least one real interesting fact happened during my vacation. The start of the new Anti-Spyware Coalition. You can find more info of this at
http://www.antispywarecoalition.org
Let's hope that at least we got some good definitions now! That's the reason why you can't compare anti-spyware functionality very well within the products at this moment.
http://www.antispywarecoalition.org
Let's hope that at least we got some good definitions now! That's the reason why you can't compare anti-spyware functionality very well within the products at this moment.
Back home and up to the work ...
Unbelievable what you get in your mailbox after 2 weeks vacation ... looking to over thousand messages (without Spam) is always a heavy task and that's just for one email account. I have about 10 email accounts. It stayed quite calm this year concerning viruses ... yes I know Sven Jaschan came away with about 30 hours community service, we got a London bombing Trojan , we got an old 'normal' virus out in-the-wild and that's it. So this is quite different from the past years in my opinion. Let's see what the future will bring us.
Friday, July 08, 2005
Friday, July 01, 2005
Anti-Spyware again wrongly tested and Vacation!
Unbelievable ... again an anti-spyware test which is completely ridiculous. Data News, a local well known Belgian IT magazine, which produces normally quite good tests has tested several spyware packages with the installation of 'one' software which includes some spy- and adware.... that's exactly the same as testing with a 'zoo' of '2' or '3' viruses ... and that's of course not valuable! Even worse, packages which are maybe not so good could be coming up with very good results ... Also the question remains: when is the malware really gone? What is the real malware? So long as we have no clear definition of ad- and spyware I recommend to stop all tests or .. at least do it with over 1000 malwares. I know that's not easy, isn't it? These tests are definitely not the only ones which are done in a wrong way. It happened also before with most of the tests I saw in other international magazines.
There are also other things to say about it but I stay calm as I am busy preparing my luggage for my vacation in France! We are ready to go to do a Tour de France. Ok I'll be away for the next 14 days however I will post a picture from time to time on the Weblog. And like every real AV expert I am prepared when outbreaks should overflow the world. That means that I'm not too far away to jump in action when needed. Nevertheless let's hope the first part of July will stay calm in VirusLand of should I say MalwareLand?
There are also other things to say about it but I stay calm as I am busy preparing my luggage for my vacation in France! We are ready to go to do a Tour de France. Ok I'll be away for the next 14 days however I will post a picture from time to time on the Weblog. And like every real AV expert I am prepared when outbreaks should overflow the world. That means that I'm not too far away to jump in action when needed. Nevertheless let's hope the first part of July will stay calm in VirusLand of should I say MalwareLand?