MCPMag.com

Security Advisor

Microsoft Inadvertently Fans the 'Flame'

Last week I wrote about the somewhat newly discovered surveillance worm making its way through the Middle East. Well, Microsoft now says that it could have played a part in the distribution of the malware and pleads ignorance concerning its role.

According to a Microsoft security advisory, the virus took advantage of a flaw in Microsoft's Terminal Server Licensing Services to create unauthentic Microsoft certificates. Once antivirus programs saw that the Flame was certified by Microsoft, the doors were open for it to cause havoc.   

Seeing the error in its ways, Microsoft released a security update that will automatically revoke all bogus Microsoft certificates making their way through the wild. If you don't have automatic update on, go ahead and apply that bandage.

However, if you're not on a nation's watch list, and don't originate from Iran, chances are you'll be safe from infection -- this worm's targets have been a small and selective group of individuals that may or may not be in the terrorist industry.

As for Microsoft, while it didn't knowingly give the Flame architects the key to the Internet, it does hold some of the responsibility for the damage caused by it. Or so Andrew Storms, director of security operations for nCircle, believes.

"The discovery of a bug that's been used to circumvent Microsoft's secure code certificate hierarchy is a major breach of trust, and it’s a big deal for every Microsoft user," said Storms. "It also underscores the delicate and problematic nature of the trust models behind every Internet transaction."

What do you think? Is it Microsoft's duty to customers to find and fix any bugs that could be used for harm? Or will hackers always find holes in software, no matter how secure it is? Let me know at cpaoli@1105media.com.

Cyber Warfare Is Out in the Open

It's been a busy week and a half for nation-created malware. The second big news story was the info that the U.S. and Israel were definitely behind the creation of superworm Stuxnet.

The news comes from a book released this week by Chief Washington Correspondent for The New York Times David E. Sanger in which he alleges the worm's creation was authorized by the Bush administration and its use signed off by Obama.

The worm was supposed to cause problems only for Iranian uranium enrichment plants, but then it accidentally got out in the open. It's been theorized that both Flame and Conficker were created using the source code from Stuxnet.

While the news is certainly interesting, it's not altogether shocking. Due to the complex nature of the malware, security experts have believed that this worm could have only come from four sources: the U.S., Israel, China and Russia. And take into account who may have the rockiest relationship with Iran and it's no surprise.

Frankly, if this is the future of warfare, I welcome it (well, not welcome it, but can live with it). The worm caused damage to some Iranian machines and not a single person lost their lives on either side. I say that's quite an improvement over the tried-and-true practice of dropping bombs until a target's not standing.

How do you see it? Is the use of such malware a smart way of taking out a threat while limiting the collateral damage? Or does this open up a Pandora's Box of issues where terrorists can cause harm wherever they have access to the Internet? Send your thoughts to cpaoli@1105media.com.

Change Your LinkedIn Passwords. Now.

A hacker who likes to brag on a Russian message board has said that he has disclosed almost 6.5 million passwords of users of the social media site. However, usernames of those stolen passwords were not found in the leaked document.

After looking into the incident, LinkedIn said this afternoon that the rumors were true.

"We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," wrote LinkedIn Director Vicente Silveira.

He said that the company is continuing to look into the matter, but in the meantime, the affected accounts have been temporarily closed and an e-mail sent to each user on how to change their password. Silveira also said that a recent update to LinkedIn's security protocol will help to avoid a situation like this in the future.

For those who didn't receive the e-mail and still have access to their LinkedIn account, it may be a good idea to go ahead and change that password anyway. Just in case.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.


Reader Comments:

Wed, Jun 6, 2012 Frank Ong

The problem with the cyber warfare scenario being thought of as "clean" with "no human" injury and "unlike traditional warfare" is that cyber warfare is also covert, stealthy and consequently does not really act as a deterrent against one country actively waging warfare against another. Just look at "Flame" that wasn't discovered for over 4 years. Fortunately for Iran, this malware was only for exfiltrating data. What if it was not active but was only a listener to shut down all SCADA systems? You could theoretically send a country back to the stone age through utility, traffic and comms disruption. If the malware is timed right, to coincide with an actual physical, kinetic attack via drones, it could devastate an opponent and give the attacker the impression that there would be no cost to their human assets. The lack of the concept of "mutually assured destruction" just makes it easier for one side to think they can go ahead with their attack plans at "no cost". Clean cyber attacks don't necessarily make it cleaner for warfare, it just makes it easier to justify warfare.

Wed, Jun 6, 2012 BobBentBike

Cyber warfare won't necessarily limit collateral damage if it targets essential infrastructure that public health and safety depend upon.
