Black Hat 2008: Information Security Warnings to Consider
by Fatih Comlekoglu, Chief Software Architect
This gathering of information security experts revealed issues that will impact us all. IT personnel must stay on top of them in the years ahead to secure their organization’s information assets.
Traditional anti-virus products detect only 30% to 50% of malware.
One of the Black Hat presenters noted that one BotNet alters its malware executables every 10 minutes. This makes it nearly impossible for anti-virus vendors to maintain up-to-date signatures to intercept such malware.
Malware attacks are very focused on client computers (i.e., endpoints).
Malware attacks will stay this way for many years to come, exploiting vendor software mistakes. Implement patches and isolate PCs without them. Remember, clever end-users without admin rights can install software. Perform periodic audits because these same end-users generally neglect patches.
Most software vendors use poorly designed safeguards to secure their product self-updates.
One Black Hat researcher predicts that hackers will exploit these weaknesses. Organizations that can utilize patch management systems for their endpoints on and off-enterprise might consider disabling all self-update capabilities on individual applications. Good news: the presenter complimented Microsoft on the cryptographic design of its update mechanisms.
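What a cryptographically sound self-update check looks like in practice, as an added example that is not code from the page or from any vendor's product: the client verifies a vendor-signed manifest with a key embedded in the client, refuses releases that are not newer than the installed one, and binds the downloaded payload to the manifest by hash. The Ed25519 choice, the manifest format and the `WeakVerify` pattern (a checksum fetched over the same channel as the payload) are this example's assumptions, not details the presenter gave.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is the release metadata the vendor signs offline; the client trusts
// this signature, never the channel the download arrived over. (Assumed format.)
type Manifest struct {
	Version    uint64   // monotonically increasing release counter
	PayloadSHA [32]byte // SHA-256 of the installer this manifest describes
}

// Encode returns the canonical bytes that are signed and later verified.
func (m Manifest) Encode() []byte { return []byte(fmt.Sprintf("v=%d sha256=%x", m.Version, m.PayloadSHA)) }

var ErrBadSignature = errors.New("manifest signature invalid")
var ErrRollback = errors.New("manifest not newer than installed version")
var ErrPayloadHash = errors.New("payload hash does not match signed manifest")

// VerifyUpdate is the hardened client check: the manifest must verify under the
// vendor key embedded in the client, must be newer than the installed version
// (blocks replay of an old, exploitable release), and the downloaded payload
// must hash to the value the signed manifest commits to.
func VerifyUpdate(vendorKey ed25519.PublicKey, installed uint64, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(vendorKey, m.Encode(), sig) {
		return ErrBadSignature
	}
	if m.Version <= installed {
		return ErrRollback
	}
	if sha256.Sum256(payload) != m.PayloadSHA {
		return ErrPayloadHash
	}
	return nil
}

// WeakVerify models the kind of safeguard the talk criticised: a checksum
// fetched over the same unauthenticated channel as the payload. Whoever can
// alter the download can rewrite the checksum, so it proves nothing about origin.
func WeakVerify(servedHash [32]byte, payload []byte) bool {
	return sha256.Sum256(payload) == servedHash
}
```

A rollback attempt, a tampered payload and a manifest signed by the wrong key all fail `VerifyUpdate`, while `WeakVerify` happily accepts a tampered payload paired with its own checksum.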
Web browser security risks will get worse before they improve.
More malware infestations occur via web browsers than any other attack vector. In the coming year, researchers warn, recently exposed HTTP-based attacks using IFrame/Jscript will dramatically increase in volume with costly consequences, enabling hackers to hijack:
- HTTPS sessions, which are the bread and butter of all e-commerce.
- Home routers and cable modems.
Presently, there is little one can do to defend against these attacks without disabling a web browser’s scripting capabilities, which removes the Web 2.0 features that end-users value.
The standard-bearers for the newly designed HTTP version 5 appear to regard security as an after-the-fact detail. As web browsers implement the new conveniences of version 5, they will also introduce new opportunities for exploiting them. Recommendation: assume your web browsers will be compromised and focus on containing the risk.
Man-in-the-middle (MiM) attacks on SSL VPNs and HTTPS will continue to increase.
These attacks not only threaten to compromise information privacy but also threaten information integrity. Hackers can alter private content without leaving a trace of evidence behind. SSL VPN and HTTPS depend on the most vulnerable and most exposed object on the endpoint: the web browser. In formulating security policies, regard web browsers as untrustworthy.