DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
May 07, 2008
Defend against patch-based exploits, warns Sans
Security training organisation the Sans Institute claims centralised patch management can be used to counter the threat of automated, patch-based exploit generation.
The advice, published on Monday, follows the release of research from the University of California at Berkeley, University of Pittsburgh and Carnegie Mellon University that maintains that exploits for vulnerabilities in code can be reverse-engineered from patches and generated automatically.
The paper recommended that software patches be distributed in encrypted form, to reduce the amount of time attackers have to reverse-engineer the patch. However, Sans contributor John Bambenek criticised this approach, saying that the major problem with patching was the time it takes to reboot systems once a patch has been applied.
"The problem with this is that the delay from the time of releasing the patch is not caused from the rolling cycle of downloads but from the need to reboot systems after a patch is applied (most of the time)," wrote Bambenek. "In short, a system may still have the key to decrypt a patch but it would not be applied until either the user rebooted the machine or at some default time when a reboot is acceptable (ie, 3am)."
Instead, Bambenek called on systems managers — "the people in the trenches" — to centrally manage patch distribution and other defence measures such as hot fixes and kill bits — Microsoft workarounds to stop unexpected ActiveX execution in Internet Explorer.
"If we get out hot fixes, registry changes, kill bits or any other defence, centralised configuration management allows for the quick deployment of these minor protective changes that will allow you to 'limp along' until a patch can be applied," wrote Bambenek.
However, those managers deploying configuration and patch-management products should be aware that any patch-management application becomes the "absolute most important system in your environment, even more important than those that house trade secrets".
"A configuration-management system becomes a 'single point of 0wnership' that allows an attacker to take direct control over not one machine but an entire organisation, whole and entire," wrote Bambenek. "Protect the keys to the kingdom."
Bambenek also called on software manufacturers to bring out patches that don't require a reboot and for the security researcher community to speedily bring out any necessary workarounds.
"Some patches will require reboots and there will be no way around that. We need to find defences to allow people to protect themselves in the meantime," wrote Bambenek.
Source: ZD Net
All news for July, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
