SecureWorks, a leading Managed IT Security Services Provider, announced that it has seen a dramatic increase in the number of hacker attacks attempted against its banking, credit union and utility clients in the past three months using SQL Injection (a type of Web application attack). “From January through March, we blocked anywhere from 100 to 200 SQL Injection attacks per day,” said SecureWorks CTO Jon Ramsey. “As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day,” said Ramsey.
SQL Injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to an organization’s resources or to make changes to data. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server.
A suit filed by Microsoft in federal court in Seattle offers an interesting glimpse into the world of IT certification exams. It’s against Testking.com, which offers training materials to help people prepare for certification tests given by Microsoft and other companies. The gist of the complaint:
Microsoft is informed and believes, and on that basis alleges, that the Microsoft Certification Exam materials defendants sell through Testking.com contain exam questions and answers that are either identical or substantially similar to Microsoft’s copyrighted exam questions and answers. Microsoft has not licensed or authorized defendants to copy or distribute its copyrighted exam content.
Among other things, the suit outlines the measures Microsoft takes to try to protect the exams from leaking out.
While Microsoft talked up Windows Vista security at Black Hat, a researcher in another room demonstrated how to hack the operating system. Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running.
And in a second part of her talk, Rutkowska explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill. “Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated,” a representative for the software maker said. “In addition, we are working with our hardware partners to investigate ways to help prevent the virtualization attack used by the Blue Pill.”
“The fact that this mechanism was bypassed does not mean that Vista is completely insecure. It’s just not as secure as advertised,” Rutkowska said. “It’s very difficult to implement a 100 percent-efficient kernel protection.” To stage the attack, however, Vista needs to be running in administrator mode, Rutkowska acknowledged. That means her attack would be foiled by Microsoft’s User Account Control, a Vista feature that runs a PC with fewer user privileges. UAC is a key Microsoft effort to prevent malicious code from being able to do as much damage as on a PC running in administrator mode, a typical setting on Windows XP.
Microsoft is putting a halt to a version of its Virtual PC software for Intel-based Macs. The move comes after start-up Parallels introduced its own virtualization software for running Windows on a Mac, and VMware said Monday it plans to provide a beta version of Mac virtualization software later this year. Apple also has its Boot Camp software, still in a beta testing version. Boot Camp allows Intel-based Macs to run either Windows or the Mac OS, but not both simultaneously.
In a statement on Monday, Microsoft said it “has made the decision not to move forward with a Universal version of Virtual PC at this time.” The software maker acquired the Virtual PC for the Mac line as part of its 2003 purchase of Connectix’ Virtual PC and Virtual Server products. It still offers Windows virtualization products, though it has made the desktop version of Virtual PC for Windows a free download.
Because of how closely virtualization software is tied to an operating system, Microsoft said that moving Virtual PC to the Intel-based Mac would be “similar to creating a version 1.0 release.”
Not Again! On May 11, 2006, Apple Computer announced 43 Mac OS X and QuickTime security patches (Security Update 2006-003). This included 31 flaws in Mac OS X, most of them serious enough to cause arbitrary code execution attacks. In addition, Apple also released QuickTime 7.1 as a major security overhaul to fix 12 code execution and denial-of-service flaws.
Less than three months later, Apple announced patches for yet another 26 security holes. 17 of these 26 security holes could expose the user to an arbitrary code execution. Four of them could lead to disclosure of confidential information and two could cause an application to crash. A local user in three cases could exploit a flaw to gain additional user rights.
That’s a whopping 69 security holes discovered in less than three months... and you thought Microsoft’s operating systems were full of security holes. These numbers are incredibly high for an OS that was supposed to be secure... or at least that’s what the perception was.
While Microsoft operating systems such as Windows Server 2003 and Windows XP are becoming increasingly secure, Microsoft’s competitors have had some serious problems with their products. Macs have experienced an unusually high number of security problems as of late. The same is true for Mozilla’s Firefox browser (which happens to be my primary browser). It has been steadily gaining popularity because of the ongoing problems with Internet Explorer, but has had its share of security holes lately. As software products become more popular, they tend to attract a lot of attention from the bad guys and become more vulnerable to attacks.
As a Mac user I am hoping this trend won’t continue. As a Windows user I am glad the OS is becoming more secure and stable. Unfortunately, I can’t say that about Internet Explorer (IE).
Copyright ©2008 Zubair Alexander. All rights reserved.