Jumat, 11 April 2008

More Aggressive Network Self-Defense

18.38    No comments

Some of you might remember this book from my 2005 review. I thought of it after reading Security Guru Gives Hackers a Taste of Their Own Medicine. From the article:

Malicious hackers beware: Computer security expert Joel Eriksson might already own your box.

Eriksson, a researcher at the Swedish security firm Bitsec, uses reverse-engineering tools to find remotely exploitable security holes in hacking software. In particular, he targets the client-side applications intruders use to control Trojan horses from afar, finding vulnerabilities that would let him upload his own rogue software to intruders' machines.

He demoed the technique publicly for the first time at the RSA conference Friday.

You might remember a similar story from Def Con 2005:

New research released at the DefCon conference suggests that not only is it important to apply patches to fix security flaws in commonly used computer software, but that patch installation is important for the very tools hackers and security professionals frequently use to break into (or test the security of) computer networks.

According to new findings by the venerable hacker ninjas known as the Shmoo Group, some of the most popular tools used by hackers and security professionals to infiltrate and test the security of targeted networks contain serious flaws that defenders could use to turn the tables on hackers.

Three years ago in my post about ANSD I wrote:

I disagree with the strike-back idea, as I believe it steps over the line into vigilante justices.

I'm less sure about that now. In the three years that have passed, security has gotten worse, government ability to deter and/or defeat intruders has not improved, and intruders have become more sophisticated. If we continue to sit on our hands waiting for the cavalry to arrive, it will be too late. (It already is too late for most companies anyway; they're owned.)

Disruption of the command-and-control mechanisms used to control compromised hosts is not something I recommend for everyone, but it would certainly push some attackers off-balance. They would suddenly start to incur some of the same costs that defenders spend on trying to develop more secure software. I think it's time for some of us to consider these offensive techniques.

Incidentally, the ActiveResponse.org site I mentioned in 2005 appears to be collecting links to papers and studies on active response.

0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)