Wednesday, December 17, 2008

Cisco releases 2008 Annual Security Report

Cisco has released their 2008 Annual Security Report.

Report can be found here.

Registration is required for download but email address is not verified. =)

Highlighting Global Security Threats and Trends

The Cisco Annual Security Report provides a comprehensive overview of the combined security intelligence of the entire Cisco organization.

Encompassing threat and trends information collected between January and October 2008, this document provides a snapshot of the state of security for that period. The report also provides recommendations from Cisco security experts and predictions of how identified trends will continue to unfold in 2009.

Key Findings

This year's report reveals that online and data security threats continue to increase in number and sophistication. They propagate faster and are more difficult to detect.

Key report findings include:

* Spam accounts for nearly 200 billion messages each day, which is approximately 90 percent of email sent worldwide

* The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007

* Vulnerabilities in virtualization products tripled to 103 in 2008 from 35 in 2007, as more organizations embraced virtualization technologies to increase cost-efficiency and productivity

* Over the course of 2008, Cisco saw a 90 percent growth rate in threats originating from legitimate domains; nearly double what the company saw in 2007

* Spam due to email reputation hijacking from the top three webmail providers accounted for just under 1 percent of all spam worldwide, but constituted 7.6 percent of all these providers' mail

Fortunately, responses to these threats and trends are improving. Advances in attack response stem from the increased collaboration between vendors and security researchers to review, identify, and combat vulnerabilities.

Wednesday, December 10, 2008

SANS ISC is reporting 0-day exploit for Internet Explorer in the wild

Just a heads up that SANS Internet Storm Center is reporting a 0-day exploit for Internet Explorer in the wild.

In these situations it is always wise to exercise caution when using IE until more details emerge.

My apologies if you have seen this already …



0-day exploit for Internet Explorer in the wild
Published: 2008-12-10,
Last Updated: 2008-12-10 09:38:03 UTC
by Bojan Zdrnja (Version: 1)

As reported by some other researchers, there is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon.

This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine.

The exploit is a typical heap overflow that appears to be exploiting something in the XML parser. After setting up the heap (spraying it – allocating 159 arrays containing the shell code) the exploit checks if couple of things are satisfied before continuing:

The user has to be running Internet Explorer
The version of Internet Explorer has to be 7
The operating system has to be Windows XP or Windows 2003

If these things are satisfied, the exploit creates an XML tag as shown above. What is also interesting, and can be seen in the code above is that it waits 6 seconds before executing the code – this was probably added to thwart automatic crawlers by anti-virus vendors.

We have not confirmed yet if other versions are affected (Internet Explorer 6 or Internet Explorer 7 on Microsoft Windows Vista).

How to mitigate? This is a difficult question as we have not analyzed this completely yet. If you use an alternative browser you are not affected. When we get more information we will update the diary.


Monday, December 8, 2008

CSIS Commission on Cyber Security for 44th Presidency has published its final report

The CSIS Commission on Cyber Security for 44th Presidency has published its final report:

The final document titled Securing Cyberspace for the 44th Presidency is available here.

If you get a moment, this may be worth a look since speculation in the security community is that this report is likely to significantly influence US government actions -- organization changes, regulations, laws, purchasing, and R&D funding, etc.

My apologies if you have already seen this, ..