Friday, December 2, 2011

“The malware, a version of a toolkit available since 2005…”

On the story of the RSA attacks: Qualys recently posted a very detailed study of the Adobe Flash exploit that caused all of the trouble at RSA last spring. It is a very thorough study, right down to a couple of pages of code.

Loved the human angle of a security-conscious person yanking the offending email out of a spam folder so they could open the infected XLS attachment. Good stuff. There will always be cases where people just make a mistake and have a lapse of judgment.

Great observation that some of the new security features found in Windows 7, such as Data Execution Prevention, probably would have thwarted the attack. It goes to show how hard it is for IT to move forward with a new version of an OS. Heck, it is hard even to move forward with a safer version of Flash or to enforce safe browser settings.

We know the half-life of a vulnerability and the difficulty in patching endpoints. Perhaps we should add a Law of Vulnerability for the life expectancy of unpatchable software.
