StillSecure, After All These Years: rootkits

5 posts categorized "rootkits"

February 12, 2008

This blog is being interrupted ..

by a severe toothache. I went to the dentist last week and don't understand why he didn't just pull it then. Actually the story is that he advised an implant that is not covered by insurance and costs 2,000 dollars plus the crown and such. On top of this he said they had to order the implant and I had to come back with someone to drive me. So they made my appointment for the 22nd. What was I thinking, that I could walk around with a toothache for 2 weeks!

I flew to Colorado Sunday night and by Monday morning my face was swollen. On the way back to Florida and getting this tooth pulled tomorrow, implant or not. There is no pain worse than a tooth ache! I think I am going to file this one under rootkits.

09:14 AM in General Background, rootkits | Permalink | Comments (0) | TrackBack (0)

July 28, 2006

Does this take a genius?

Was reading an article by Ellen Messmer and Tim Greene over in NetworkWorld today on Black Hat buzz. I am interested to see some of the security issues around Vista they talk about, especially the rootkit from COSEINC and Joanna Rutkowska. It is called Blue Pill and seems like a particularly nasty one. Perhaps not something you would patch to fix, but goes to Vista's architecture. I think it is a very smart move by Microsoft to encourage this sort of thing by sponsoring and being visible at Black Hat. Lets find out about the holes, before Vista is released while we can do something about it. This seems like a refreshingly different approach by the folks in Redmond and I commend them.

Another presentation that I am looking forward to, for a different reason though, is the one by Ofir Arkin of Insightix. I wrote about this one back in early July. These are the guys who are going to show how it is possible to evade every NAC solution, except theirs of course. This is one where I think the folks at Black Hat were duped. Does Ofir think he has discovered something by showing how NAC solutions that rely on DHCP can be evaded by static IPs? Every customer we speak to about DHCP enforcement brings up this same issue. No rocket science here folks. This is why we don't think DHCP is the optimum way to deploy a NAC solution. But in the absence of other enforcement technologies like 802.1x, it is the best of the rest. I still think it more secure than the SNMP based stuff.

Bigger picture, in security it is always about choices and risk. If you don't feel your risk is high enough to warrant upgrading your network to a more secure way of doing NAC, you make do with DHCP. I think for every security technology out there, there is a way for a determined hacker to evade it. That is exactly why a defense-in-depth is the way to go. Not that it is impossible to get through, but the time and effort involved in doing so, will outweigh the gain. Specifically with NAC, I think most people want it to make sure they are enforcing access policies against managed and unmanaged devices, not necessarily to be the uber-hacker stopper. It is more the inadvertent polluter that NAC is going to stop.

09:01 PM in links and appearances, NAC, rootkits, tradeshows | Permalink | Comments (0) | TrackBack (1)

Technorati Tags: black hat, NAC, rootkit, vista

July 18, 2006

Lets blame Open Source

Over the last few days it seems that Open Source software is under attack as the root of all evil around hacking. First on darkReading an article on open source security being used by hackers and bad guys. Then the folks at McAfee blaming open source tools for helping bot developers organize and be more effective.

In the case of McAfee, this is not the first time they have blamed open source tools for helping hacking. Back in April it was rootkits that were being encouraged by open source according to McAfee. Of course the McAfee folks give the usual left-handed compliment to open source by saying, "We think [open source antivirus products] are fine. They've never been something that was really in the same class as ours, but we've always been big supporters of open source antivirus," yeah right, give me a break. Can you show me how McAfee has always been a big supporter? I don't think so. It is just another chance for the McAfee people to take another swipe at open source.

The darkReading article says hackers and bad guy types are using nMap, Nessus, Metasploit and such to recon and hack into networks. So if they were using commercial software instead of open source would it make a difference? This is a case where you can't blame the tool, blame the people hacking in. These tools all have legitimate uses and are very valuable to infosec professionals. My rule of thumb is substitute commercial software every time I see the open source software term. If the sentence still makes sense regardless of whether it was open source or commercial software then how can you blame it on open source.

09:07 AM in open source, rootkits | Permalink | Comments (0) | TrackBack (1)

May 11, 2006

What is your stance on Rootkits?

Sounds like a ridiculous question doesn't it? This was exactly the question posed to one of our StillSecure account executives, Sam Van Ryder, a few weeks ago. He was not sure what the question was trying to get at. Do we here at StillSecure approve of rootkits? Do we install them with our software? Do we try to detect, alert and remove them? Maybe he should have said, hey, we like them, they are good for security vendors.

First of all you need to understand what a rootkit is. According to Wikipedia, "a rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge." Of course rootkits went mainstream with the Sony CD controversy last year. They certainly sound like bad stuff. The obvious answer is that as a responsible network security company, StillSecure is not for anything that installs hidden software on a computer that can be used to compromise that computer. Maybe the better question is what can StillSecure do to detect and remove rootkits. However, you must also realize that in some circumstances rootkits actually perform an innocuous, if not beneficial purpose. How do you tell the difference. Even a "good" rootkit can be used for bad purposes. This is the crux of the issue, which makes the opening question not as easy as it sounds.

Detecting, determining they are malicious and removing rootkits is one of the most difficult tasks in network security. Today, it is falling mostly on the shoulders of the anti-virus vendors to try and stop malicious rootkits from implanting themselves onto your computer. However, they are not doing a great job at it. We have received requests from several customers to try and detect rootkits as part of the pre-admission testing in our Safe Access NAC product. Also, some have asked that VAM, the StillSecure vulnerability management platform detect them. I am not sure if either of these categories of products will be effective as they currently exist. I do know that over this year, there will be products dedicated to this problem and I think NAC products will start incorporating technology to be more effective at finding them.

01:38 AM in General Security, rootkits, StillSecure stuff | Permalink | Comments (2) | TrackBack (0)

April 17, 2006

McAffee claims open source encourages rootkits

Ellen Messmer at NetworkWorld writes today that McAfee is releasing a new report, about the dramatic rise in the number of rootkits it has collected as malware samples this quarter as compared to the same quarter last year. Additionally, they are becoming harder and harder to detect. I don't doubt any of this, but the part that I disagree with is where Stuart McClure, SVP of global threats at McAfee blames it on sites like Rootkit.com and other sites that share source code. The rootkit.com site is a legitimate site that our own SAT team has used on occasion. It is a valuable resource to the security community and though some may misuse the code posted up there, I think it is not fair to blame it and others like it for the problem. Whether it existed or not, today's sophisticated cybercriminals would find ways of sharing their illicit methods. Don't shoot the messenger, if you don't like the message. I do think rootkits represent a new battlefront in security though. I think this will see new, more effective means of combating them this year.

02:58 PM in General Security, open source, rootkits, StillSecure stuff, Web/Tech | Permalink | Comments (0) | TrackBack (0)

Lijit Search

disclaimer

The views and opinions expresed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.

Forbes.com

StillSecure, After all these years, the podcast

Currently Reading

James Carroll: Constantine's Sword: The Church and the Jews -- A History
Looks like a book I will learn a lot from. It is long, but than again it covers two thousand years. Will be interesting to see what I say when I finish. (****)

Read Recently

Wilbur Smith: The Quest
Smith has an amazing ability to transport you back to ancient Eygpt. I have read several of his novels about Eygpt and am always totally absorbed from the very first pages to the end. (****)
Jeff Shaara: The Rising Tide: A Novel of World War II
Great historical novel about WWII. North Africa and Sicily campaigns come alive. You feel like you really are getting to know Ike, Patton, Rommel and the rest. (****)
Dale Brown: Strike Force: A Novel
Another great book by Dale Brown. Iran is getting help from Russia and the Iranian monarchy is trying to overthrow the theocracy. Dreamland's super weapons to the rescue! (****)
Christopher Moore: Lamb: The Gospel According to Biff, Christ's Childhood Pal
The Gospel according to Jesus's childhood pal, Biff. Need I say more. Actually pretty funny stuff. (***)
David Weber: Off Armageddon Reef
Aliens have destroyed humanity. A small isolated colony has been hidden to grow into a new human empire, but they are robbed of the knowledge of their inheritance. A religion based on keeping the people in the dark about their legacy controls the world. Great reading, good fantasy (****)
Michael Chabon: The Amazing Adventures of Kavalier & Clay
Brad Feld gave me this book. It is a Pulitzer Prize winner from the author of the Yiddish Policemens Union. This book is even better. Funny, yet biting it brings the horror and excitement of WWII to life through the eyes of a jewish refugee from Prauge and his cousin from Brooklyn. All about the comic book industry and real life tragedies and love. Worthy of all the praise and awards! (*****)
W. Michael Gear: People of the Nightland (First North Americans)
I have read almost every book in this series of paleo Indians by this husband/wife team. I don't know what it is, but I love hearing these stories based upon Native American legends and myths. (***)
David Michaels: Tom Clancy's EndWar (Tom Clancy's Endwar)
A new series inspired by Tom Clancy and based on a game. It is WW III, Saudi Arabia and Iran have exchanged nukes and the Russians are fighting the US and Euros. Not up to Clancy himself standards, but a good airplane read. (***)
John Grisham: The Appeal
A new legal thriller from Grisham. Does anyone do these better? It started right up from the get go and holds the reader captive. Without giving away the ending, Grisham brings the end of this book home to today's political climate. (****)
Gary Jennings: Aztec Rage (Aztec)
A continuation to the series started by the late Jennings. Not quite as brilliant as the first novel, but it is fairly faithful to Jennings style and continues the history of the Aztec/Spanish mix that becomes Mexico. (***)
Stephen Baxter: Navigator: Time's Tapestry, Book Three (Time's Tapestry)
The 3rd in this alternate history series by Baxter. I am still waiting to see what is alternate about this history. Alternate or not though, Baxter is a master storyteller and it is a pleasure to read. (****)
Harry Turtledove: Opening Atlantis
The first in a new trilogy by the master of alternate history. In this series there is an 8th continent between Europe and America called Atlantis. How it effects the unfolding of world history will be the subject of the series. So far it is pretty interesting. (***)
John Grisham: The Innocent Man: Murder and Injustice in a Small Town
This is a non-fiction book but reads like lots of Grisham's legal thrillers. After reading this book it is hard to think that the death penalty can be enforced in this country without innocent men being executed. It also makes you think Oklahoma is just not a great place to be living in. (***)
David Michaels: Tom Clancy's Splinter Cell: Fallout (Tom Clancy's Splinter Cell)
I really like this series and its hero Sam Fisher. Based on a video game the author has done a great job making Sam Fisher a real person. In this one Sam is chasing his brothers killers who are involved in nuclear terrorism in the former USSR.
Michael Crichton: Next (Harper Fiction)
Everything comes together a little too coincidentally, but it shows us what can happen with gene science gone mad. (**)
Raymond Khoury: The Sanctuary
I liked his Templar book so thought I would give this one a try. Set in 1700's Europe and modern day Iraq and Lebanon, it is a good thriller. (***)
Stephen Baxter: Conqueror: Time's Tapestry Book Two (Time's Tapestry)
Book 2 in the time tapestry series, it is a great historical novel of post-Roman Britain. I am just not sure what the alternative history is here. It seems pretty much as I remember learning it. (***)
John Grisham: Playing For Pizza: A Novel
Another one of Grisham's easy reading non-legal thriller kind of books. A disgraced NFL quarterback goes to play for pizza in Italy. (***)
Harry Turtledove: The Grapple (Settling Accounts, Book 3)
Somehow I am on book 3 of this series. I read book 1 and 2, but did not write up the review of 2. Anyway, in book 3 the tide turns against the CSA and for USA. Great alternate history of WW II (***)
Bill Bryson: The Life and Times of the Thunderbolt Kid: A Memoir
I was looking for something light on a trip back home. Though I am a bit young (beleive it or not) for a lot of this and did not grow up in the Mid-West there are some things about growing up that are universal. Very funny book! (****)
Dale Brown: Dale Brown's Dreamland: Retribution (Dreamland (Harper Paperback))
One of the better ones so far in this series. Lots of cool weapons and sinister bad guys. (***)
Thomas L. Friedman: The World Is Flat: A Brief History of the Twenty-first Century
Finally it comes to paperback and a new updated edition at that! For some reason I never read this bible of our brave new world. So much of it now seems obvious, but there is still much to learn here. (****)
Brian Herbert & Kevin Anderson: Sandworms of Dune
Finally! All of your questions around Dune are answered. The fate of the Universe and the Tyrant's Golden Path is revealed. Every Dune fan should read this one to tie up the loose ends. Also reading Herbert and Anderson's prequels to the original series will help. (*****)
Jack Whyte: Knights of the Black and White
I don't know what it is with Templars, but I am facisinated by the story. This is a good one and looks like the start of a series. I reccomend it! (****)
Patrick M. Lencioni: The Five Dysfunctions of a Team: A Leadership Fable
Got this book from Mitchell. It is a quick read and offers some excellent insight into how a real team can function allowing for the free flow of information and exchange of ideas in a healthy and productive way. Great read for anyone part of an executive team. (****)
Harry Turtledove: Return Engagement (Settling Accounts Trilogy, Book 1)
The start of WW II in the alternate history series by Turtledove. The CSA gets off to a quick start against the USA. (***)
Michael Chabon: The Yiddish Policemen's Union: A Novel
Full of Yiddish sayings, in this alternate history of post-WWII Jews is both funny and sad. A good read wrapped in a detective story who done it. (***)
Dale Brown: Edge of Battle
Dale Brown does better when doing battle with other superpowers, not drug smugglers, terrorists and tackling topics immigration reform. I love his action and technology, but didn't like the subject matter. (**)
Kevin J. Anderson: Of Fire and Night (The Saga of Seven Suns, Book 5)
This one clears up a lot of the plot lines from the first four books in a neat bow. However, just when you think the end is near, a new twist comes along that has you waiting for the next book. A big time scifi epic! (****)
Kevin Phillips: American Theocracy: The Peril and Politics of Radical Religion, Oil, and Borrowed Money in the 21stCentury
This can be dry and slow reading, but will open your eyes to what is really going on here. Phillips, a former Republican strategist, lays out a strong case on how oil, religious wars and debt are driving America away from world leadership. (****)
Raymond Khoury: The Last Templar
Another book on the long lost secret of the Templars, which can bring the Church to its needs. It was a good thriller. All of these DaVinci Code spawn are starting to run together in my mind. (***)
Harry Turtledove: American Empire: The Victorious Opposition (American Empire)
Turteldove is the master of alternate history. Many other SF writers are trying this genre, including Card and Baxter. In this one, the Confederate States of America takes on the role of the Nazi's in pre-WWII. Good read. (***)
Steve Berry: The Templar Legacy: A Novel
A DaVinci Code type of novel, with the recent press and controversy around the tomb of Jesus being discovered, this one became more real from it. A good read. (****)
Steve Berry: The Third Secret: A Novel of Suspense
A love story of a priest, a pope and the woman they loved. Wrapped around a quest for the missing 3rd secret of Fatima and an anti-christ potential new pope. Good story (***)
Tobsha Learner: The Witch of Cologne
A little slow moving at first, it picks up steam mid way through. A tale of the end of the inquisition and the begining of modern Europe. This is the backdrop of a forbidden love between a Kabalah trained midwife and her inquisitor priest. It did get you into the plot. (****)
Mark Winegardner: The Godfather's Revenge
Another follow on authorized by Mario Puzo's estate. This fills in the time between Godfather, Part 2 and Part 3. With the characters from the original, it can't help but be good. (***)
Orson Scott Card: Empire
Its the red versus blue states, urban versus rural, neo-cons versus the far left, in this American Civil War II. A little far fetched, the treachery though kept you guessing who and what was really behind it. (****)
James Patterson: Honeymoon
My first Patterson book. I don't usually go in for this type of thriller, but I was getting on the plane in 5 minutes and had to have something to read. I finished it in just a few hours, it was pretty good. (***)
Stephen Baxter: Transcendent (Destiny's Children (Paperback))
The third in the hive series by Baxter. It has his usual long historical sweep between the near and far future. Good harc core sci fi. (****)
David Michaels: Tom Clancy's Splinter Cell: Checkmate (Tom Clancy's Splinter Cell)
This series based on a PC game (corny isn't it) has actually turned into one of the better Clancy series out there. It is number 3 in the series and was pretty good. (***)
Dale Brown: Dale Brown's Dreamland: End Game (Dreamland (Harper Paperback))
Another in the Dreamland series by Dale Brown. It started off a bit slow, but revved up to the usual Brown level of thriller. (***)
Eric Flint: 1812: The Rivers of War
A good alternative history of the War of 1812 and the role of the Native Americans. The alternative prospective is allowing the Cherokee's a planned retreat West and sparing them the Trail of Tears. (***)
Harry Turtledove: End of the Beginning: A Novel of Alternate History
The great sequel to an alternative history where the attack is Pearl Harbor is followed by an invasion and conquest of the islands. No we take them back with a vengence. (****)
Mitch Albom: For One More Day
Like all his books, this one will make you laugh a little, cry a little and think a lot. This particular story was a bit close to home for me. It is a quick read. (*****)
Eliyahu M. Goldratt: The Goal
A great book to make you think about managing a business in a new way. I highly recomend it to anyone interested in how to measure and effect efficient production (****)
Brian Herbert: The Road to Dune
Sort of like viewing the bonus features on a DVD, only the most hard core Dune fan is going to appreciate this. Stuff that wasn't good enough for the originals put together here. (**)
Brian Herbert: Hunters of Dune (The Dune Series)
OK the son is not the father (talking about the authors, not the characters), but this is based on his outlines and haven't you always wondered who the outside enemy was. This is chapter 7 of Dune and if you read the others, you have to read this. (****)
Harry Turtledove: Days of Infamy
I love Sci Fi and Historic novels. So I am drawn to alternate . This one involves the invasion of Hawaii after Pearl Harbor. Of course it will change the course of WW II, at least for a little while before the inevitible. (***)
Dan Simmons: Olympos
Great conclusion to Ilium. This book ties up the the varied stories of both books into one story line. A vast sage, I think this may be his best yet! (****)
Jeffrey Anderson: Second Genesis
Great story on genetic manipulation, stem cells, medical ethics and just a great thriller. I really liked this book about genetically enhanced chimps. (****)
Chris Stewart: The Fourth War
With everything going on in the Middle East, this one got a little to real. Pakastani nukes are up for grabs. The Israeli Shin Bet and US CIA try to get to them before an Al Queda type of organization can get there hands on them. Scary stuff! (****)
David McCullough: 1776
McCullough is a master of well researched history. This is just about the first year of the revolution and puts you in the middle of the pivotal events. (****)
Kevin J. Anderson: Scattered Suns (The Saga of Seven Suns, Book 4)
After my last two books, it was time for something a little lighter. This is book 4 in a grand SciFi space saga. Lots of characters and plots, good reading. (****)
Karen Armstrong: A History of God: The 4,000-Year Quest of Judaism, Christianity and Islam
A great historical look at the evolution of our concepts and beliefs in God, primarily from the view of Judeo-Christian-Islam perspective. However, other philosophies and religous beliefs are discussed as well. It is very heavy on philosophy and mysticism. You need to think with this book. (****)
James Bradley: Flag of our Fathers
A detailed personal look at the 6 Marines in the famous Iwo Jima flag photo, written by the son of one of them. The loving attention to these American heros is well deserved. (****)
Arthur C. Clarke & Stephen Baxter: Sunstorm (A Time Odyssey)
A sequel to their first book together, A Time's Eye, this is hardcore SF at its best. The story revolves around the inner workings of the sun and the catastrophic results to Earth and humanity if any minor deviation of the Sun's energy output were to take place (***)
Edward Rutherfurd: The Rebels of Ireland : The Dublin Saga
Another great book by the master of historic novels. He may even be better than Michener. This is the sequel to The Princes of Ireland and is even better than the first. (*****)
Stephen Baxter: Exultant (Destiny's Children (Hardcover))
A grand sweeping space saga of the type that Baxter is known for. This one covers from before the big bang to the early history of our universe and such hard science topics as dark energy and dark matter. Great book! (****)
Peter F. Hamilton: Judas Unchained
The sequel to Pandora's Star, this book had almost too many sub-plots. It made it difficult to follow sometimes. The story that had so much promise in Pandora's Star, really seemed to just never get off the ground in this one. Not one of my favorite Hamilton books. He can be up and down like that. (**)
Dan Brown: Digital Fortress : A Thriller
For some reason I thought his other books were not going to be as good as Da Vinci and Angels & Demons. No religous theme here, but a good thriller with lots of twists to keep you on the edge. (****)
Steve Perry: Tom Clancy's Net Force 10 : The Archimedes Effect (Net Force)
This series used to be pretty good reading. Lately it is just not as good. It is OK to pass the time though. (**)
Troy Denning: The Swarm War (Star Wars: Dark Nest, Book 3)
Set after the New Jedi Order series, good filler for trying across the country. (**)
Joseph J Ellis: His Excellency
Good biography on Washington, by one of the masters of revolutionary war history. (****)
Michael Crichton: State of Fear
Great book about the environmental movement. Chricton has another thriller, but this will make you think about your views on global warming, the media and other environmenta issues (****)
David Michaels: Tom Clancy's Splinter Cell: OPERATION BARRACUDA
Based on a video game (yeah thats right), this series is actually pretty good. Makes for good airplane reading. (***)
John Grisham: The Broker
I had low expectations but this book really hooked me. I was over 200 pages in before I took a breath. The end was sort of rushed, but enjoyed this book. He is a master storyteller. (****)
Billy Crystal: 700 Sundays
Based on his one man Broadway show. Billy examines his relationship with his Dad who died when he was 15. He spent about 700 Sundays with him. You will laugh a little and cry a little but I think you will like it. (****)
Bob Dylan: Chronicles : Volume One
One cliche after another, you had to laugh after a while. A hodge podge of glimpes into his early and mid-career. The DVD is much better. (**)
Philip Roth: The Plot Against America: A Novel
A "what if" book. The premise is Lindbergh runs for president in 1940. He defeats Roosevelt, keeps us out of the war and institutes a anti-semtic, facsist administration. Scary! (***)
Ian Caldwell: The Rule of Four
Not as good as the Dan Brown novels I think but an interesting puzzle book. Lots of Princeton stuff by two new young authors (***)
Dale Brown: Act of War : A Novel
I have read all of Dale Brown's books starting with Flight of the Old Dog. If you like Clancy, you will love Dale Brown. (****)
Jeff Rovin: Op-Center XII: War of Eagles (Tom Clancy's Op-Center)
Uses Tom Clancy's name but by other authors. I read all of these series to fill time on planes. Not the greatest books you will ever read but they pass the time away (**)
Brad Meltzer: The Zero Game
My first book by Meltzer, it just seemed a little to simple for me. (**)
Stephen Baxter: Evolution
Great Sci Fi from one of the two new great authors of sci fi from the UK. Baxter and Hamilton pick up the baton from Clark and Asimov (****)
W. Michael Gear: People of the Raven
Another in the first American series. Here white people come to the Pacific Northwest thousands of years ago. (****)
Jimmy Carter: The Hornets Nest
It's hard I guess for an ex-president to really let loose. However, good historical novel of Georgia in American Revolutionary times. (***)