Mar 17 2011

RSA just announced that they were cracked. It is unclear what exactly has been put at risk.

Our investigation also revealed that the attack resulted in certain information being extracted from RSA’s systems. Some of that information is specifically related to RSA’s SecurID two-factor authentication products. While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.

So, it looks like RSA’s SecurID is immediately at risk. Who knows what else the crackers got. This crack is more significant than the crack against HBGary that happened several months ago. This shows how difficult information security is when even the experts have trouble keeping their doors locked.
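To make the quoted risk concrete: a one-time-password token is only as secret as the seed it shares with the server. The following is an added example, not RSA’s code and not SecurID’s own (proprietary) algorithm; it uses the published RFC 4226/6238 HOTP/TOTP construction as a stand-in for any shared-seed token, with a constructed user registry and the RFC reference secret as the demo seed. It shows why a leaked seed collapses the “something you have” factor down to the PIN alone, and why the defender’s remedy is to reissue seeds rather than to trust the old ones.

```python
import hashlib
import hmac
import struct

# Constructed demo seed: the RFC 4226 / RFC 6238 reference secret, not a real token seed.
DEMO_SEED = b"12345678901234567890"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock (unix_time // step)."""
    return hotp(seed, unix_time // step, digits)


def verify_login(registry: dict, user: str, pin: str, code: str, unix_time: int, step: int = 30) -> bool:
    """Server-side two-factor check: something you know (PIN) plus something you have (token code).
    Accepts one time step of clock drift either way. Both comparisons are constant-time."""
    rec = registry.get(user)
    if rec is None or not hmac.compare_digest(rec["pin"], pin):
        return False
    return any(
        hmac.compare_digest(totp(rec["seed"], unix_time + d * step, step), code)
        for d in (-1, 0, 1)
    )


def seed_leak_reduces_to_one_factor(registry: dict, user: str, leaked_seed: bytes, unix_time: int) -> bool:
    """Whoever holds a copy of the seed reproduces the token's code exactly, so the only secret
    left protecting the account is the PIN. Returns True when the leaked seed matches the enrolled one."""
    return totp(leaked_seed, unix_time) == totp(registry[user]["seed"], unix_time)


def reissue_seed(registry: dict, user: str, new_seed: bytes) -> bytes:
    """Defender's remedy after a seed compromise: enroll a fresh seed so codes derived from the
    leaked copy stop validating. Returns the seed now on record."""
    registry[user]["seed"] = new_seed
    return registry[user]["seed"]


if __name__ == "__main__":
    registry = {"alice": {"pin": "1234", "seed": DEMO_SEED}}   # constructed enrollment record
    now = 59                                                    # RFC 6238 test-vector time
    print("code at t=59:", totp(DEMO_SEED, now))
    print("login ok:", verify_login(registry, "alice", "1234", totp(DEMO_SEED, now), now))
    print("leaked seed reproduces code:", seed_leak_reduces_to_one_factor(registry, "alice", DEMO_SEED, now))
    reissue_seed(registry, "alice", b"constructed-replacement-seed")
    print("old-seed code still accepted:", verify_login(registry, "alice", "1234", totp(DEMO_SEED, now), now))
```

The design point is the last two lines of the demo: nothing in the server logic can tell a legitimate token from a copy of its seed, so once seed material is suspected to have leaked, the only reliable mitigation is re-enrollment, with the PIN and login monitoring as the interim line of defence.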

Mar 10 2011

Fortinet has recently published a blog post on the history of computer viruses at 40th Anniversary of the Computer Virus | Fortinet Security Blog. From a historical perspective it is a fascinating read. A couple of them, with a personal note on each:

Creeper: Catch me if you can. This was an experimental virus developed in 1971, the granddaddy of viruses. It was relatively benign, and it was actually a demonstration of mobile code: it would pick itself up and move to the next computer rather than replicating like today’s viruses.

The article does not deal with The Morris Worm. However, I feel it needs to be mentioned in any discussion about malware. The worm utilized known vulnerabilities in a variety of UNIX services. Unfortunately, it got out of control and ended up performing a Denial of Service attack across the young Internet in 1988. The CERT was created by DARPA as a result of this worm.

When I was a UNIX administrator back in the mid 1990s, we would laugh about all of the forwards people would send warning of viruses from email. After all, how could you get a virus from reading an email in Pine or Elm? The I Love You virus in 2000 changed all of that, with help from Microsoft’s desktop security model. This was one of the first full-scale viruses to affect normal users.

In 2001, IIS, Microsoft’s web server, was attacked by Code Red. This is different from the traditional virus or worm, which attacks the desktop. It exploited a buffer overflow in the indexing system of IIS. I remember being on the front end of this battle. Our Internet connection was acting slow. While troubleshooting, we decided to reboot our firewalls. When this happened, our IIS servers crashed. Funny coincidence, we thought. An hour later, we did it again. They crashed again. It was not until the chatter on the security mailing lists picked up late that afternoon that we figured out what was going on. At that point, we were able to take the appropriate action.

Just last year, Stuxnet appeared and targeted Iran’s nuclear industrial machines in a very subtle way. I am not going to get into the details of Stuxnet, as there are plenty of sources out there who can explain it better than I. What is fascinating about it is that it appears to be the start of nations writing malware to directly attack another nation’s specific resources. The effort, skill, and knowledge needed to implement this malware successfully are quite amazing… and scary.