
[ECP] eVade-o-Matic Nearly Evades My Understanding

  • From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
  • To: NetworkNewsletters@xxxxxxxxxxxxx
  • Date: Tue, 07 Nov 2006 05:00:00 -0500
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Network Newsletters Mailing List ©1994
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>

eVade-o-Matic Nearly Evades My Understanding


=== CONTENTS ===================================================

IN FOCUS: eVade-o-Matic Nearly Evades My Understanding

NEWS AND FEATURES
   - IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies
   - IE 7.0 Vulnerable to Address Bar Spoofing
   - Norman Data Defense Systems Introduces Automated Malware Forensics
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: Firefox 2.0 Badly Broken?
   - FAQ: Using a Script to Check User or Group Existence
   - From the Forum: Database Security Error
   - Know Your IT Security Contest
   - Your IT Pro Vote Counts!


RESOURCES AND EVENTS

FEATURED WHITE PAPER




=== IN FOCUS: eVade-o-Matic Nearly Evades My Understanding =====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Metasploit is billed as a benevolent forensic tool to test security. In
summary, it's a toolkit that nearly anyone with a modest amount of
computer experience can use to exploit vulnerabilities to the maximum
extent. Just plug in a module, fill in some parameters, and presto,
instant exploitation.

The logo on the Metasploit home page (see URL below) paints a picture
that's the complete opposite of benevolence, in my mind anyway. The
logo contains the image of an obviously malicious intruder (who reminds
me of the Joker from the old "Batman" TV series) sitting at a keyboard
with any of a variety of "catchy" phrases emblazoned next to it. The
phrase cycles on each page reload and offers such pithiness as "Point.
Click. Root.," "The Best a Haxor Can Get," "Always hot exploits.
Always.," and "What would you like to Metasploit today?"
   http://list.windowsitpro.com/t?ctl=3E70F:7EB890

About the only beneficial thing I can see about Metasploit is that if
it had to be developed at all, at least it's available to the public so
that white hats can use it.

Metasploit is about to take on an even more insidious tinge when the
eVade-o-Matic Module (VoMM, for short) is released. VoMM makes it
possible to completely evade signature-based security systems
(including signature-based intrusion detection systems--IDSs--and
antivirus platforms) by continually changing a piece of code. If code
morphs with each new use, an endless number of detection signatures
would be needed, which simply isn't practical. Therefore, VoMM and
similar technologies render signature-based security systems useless
for the most part.

According to information posted on the Info-Pull.com blog (see the URL
below), VoMM uses a number of techniques to morph code, including white
space randomization, string obfuscation and encoding, random comments
and comment placement, code block randomization, variable name and
function name randomization and obfuscation, and function pointer
reassignments. You can get a very detailed analysis of exactly what
VoMM does.
   http://list.windowsitpro.com/t?ctl=3E6F3:7EB890
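
An added example (not part of the newsletter, and not code from VoMM or Metasploit) of the defender's side of this argument: a byte-exact signature misses hand-morphed copies of a harmless snippet, while comparing a canonical token stream still ties them together. The samples are constructed, and the JavaScript-like syntax and the names `canonical` and `evaluate` are assumptions made for illustration.

```python
import re

# Constructed, harmless samples: one statement pair morphed by hand three ways.
# The JavaScript-like syntax is an assumption; the article names no language.
ORIGINAL = 'var total = price + tax; report(total);'
WHITESPACE_VARIANT = 'var   total=price\t+ tax ;\n\n report( total ) ;'
COMMENT_VARIANT = 'var total /* x9 */ = price + tax; // pad\nreport(total);'
RENAMED_VARIANT = 'var qZ1 = aK7 + bb3; mW0(qZ1);'
DIFFERENT_LOGIC = 'var total = price - tax; report(total);'

KEYWORDS = {"var", "function", "return", "if", "else", "for", "while", "new"}
# Group 1 keeps string literals intact so comment markers inside them survive.
# Simplification: escaped quotes inside strings are not handled.
STRING_OR_COMMENT = re.compile(
    r"""("[^"\n]*"|'[^'\n]*')|/\*.*?\*/|//[^\n]*""", re.DOTALL)
TOKEN = re.compile(r"""(?:"[^"\n]*"|'[^'\n]*')|[A-Za-z_$][\w$]*|\d+|\S""")

def tokens(src):
    """Drop comments and whitespace, returning the remaining token stream."""
    without_comments = STRING_OR_COMMENT.sub(lambda m: m.group(1) or " ", src)
    return TOKEN.findall(without_comments)

def canonical(src, rename=False):
    """Canonical form; rename=True maps identifiers to id0, id1, ... by first use."""
    seen, out = {}, []
    for tok in tokens(src):
        if rename and re.match(r"[A-Za-z_$]", tok) and tok not in KEYWORDS:
            tok = seen.setdefault(tok, f"id{len(seen)}")
        out.append(tok)
    return " ".join(out)

def evaluate(sample, known=ORIGINAL):
    """Report which comparison levels still tie `sample` to the known sample."""
    return {
        "raw_bytes": sample == known,
        "normalized": canonical(sample) == canonical(known),
        "alpha_renamed": canonical(sample, True) == canonical(known, True),
    }

if __name__ == "__main__":
    for name in ("WHITESPACE_VARIANT", "COMMENT_VARIANT",
                 "RENAMED_VARIANT", "DIFFERENT_LOGIC"):
        print(name, evaluate(globals()[name]))
```

Canonicalization only undoes the whitespace, comment and renaming techniques from the list above; string encoding, code block randomization and function pointer reassignment change the token stream itself and are not addressed here. Alpha-renaming also makes unrelated code with the same shape compare equal, so it trades missed detections for false positives.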

While these sorts of evasion techniques are by no means new to the
world of malware, what is new is the packaging of such techniques into
a tool like Metasploit, which anybody with one firing neuron can
download to immediately experience that warm and fuzzy "point, click,
root" feeling. Rest assured that VoMM will be used by just about every
"bad guy" on the planet. Why anyone would unleash this madness upon the
world nearly evades my understanding. Nearly.


=== SECURITY NEWS AND FEATURES =================================

IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies
   Microsoft released the long-awaited Internet Explorer 7.0, and
Mozilla Foundation released its long-awaited Firefox 2.0. Both include
new antiphishing technology.
   http://list.windowsitpro.com/t?ctl=3E6FF:7EB890

IE 7.0 Vulnerable to Address Bar Spoofing
   Secunia reports that an anonymous person discovered that it's
possible to partially spoof the Internet Explorer (IE) 7.0 Address bar
in a pop-up window, which might lead to phishing attacks.
   http://list.windowsitpro.com/t?ctl=3E701:7EB890

Norman Data Defense Systems Introduces Automated Malware Forensics
   Norman's new offerings bring malware analysis tools out of private
labs and into corporate networks.
   http://list.windowsitpro.com/t?ctl=3E702:7EB890

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
   http://list.windowsitpro.com/t?ctl=3E6FD:7EB890



=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Firefox 2.0 Badly Broken?
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3E708:7EB890

I'm about to lose my patience with Firefox 2.0. It seems badly broken,
and I wonder if these symptoms are happening to anyone else. Read the
blog to learn about what I've found.
   http://list.windowsitpro.com/t?ctl=3E700:7EB890

FAQ: Using a Script to Check User or Group Existence
   by John Savill, http://list.windowsitpro.com/t?ctl=3E705:7EB890

Q: How can I use a script to check whether an Active Directory (AD)
user or group exists?

Find the answer at
   http://list.windowsitpro.com/t?ctl=3E706:7EB890

FROM THE FORUM: Database Security Error
   A forum participant uses SQL Server 2000 with SP4 and sees an error
in his logs that reads "Login failed for user 'RECOVER'." Does this
error have something to do with failed writes to audit files? If you
have an idea, join the discussion at:
   http://list.windowsitpro.com/t?ctl=3E6F4:7EB890

KNOW YOUR IT SECURITY Contest
   Share your security-related tips, comments, or solutions in 1000
words or less, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
or write about a security article you've read or a Webcast you've
viewed. Submit your entry between now and December 13. We'll select the
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security
newsletter. Email your contributions to tipswinitsec@xxxxxxxxxxxxxxxxx
   Prizes are courtesy of Microsoft Learning Paths for Security:
   http://list.windowsitpro.com/t?ctl=3E703:7EB890

YOUR IT PRO VOTE COUNTS!
   Vote for the next "IT Pro of the Month!" Take the time to reward
excellence to an IT pro who deserves it. The first 100 to cast their
vote will receive a one-year print subscription to Windows IT Pro
magazine--compliments of Microsoft. Voting only takes a few seconds, so
don't miss out. Cast your vote now:
   http://list.windowsitpro.com/t?ctl=3E709:7EB890




=== RESOURCES AND EVENTS =======================================
   For more security-related resources, visit
   http://list.windowsitpro.com/t?ctl=3E704:7EB890

Can disaster recovery planning create real value for your business
beyond mere survival? Justify your investments in DR planning, and get
real answers to your questions about how DR planning and implementation
affect the financial performance of your organization. Make cost-
effective decisions to positively impact your bottom line! Live event:
Tuesday, November 14
   http://list.windowsitpro.com/t?ctl=3E6F8:7EB890

How do you manage security vulnerabilities? If you depend on
vulnerability assessments to determine the state of your IT security
systems, you won't want to miss this Web seminar. Special research from
Gartner indicates that deeper penetration is needed to augment your
existing vulnerability management processes. Learn more today!
   http://list.windowsitpro.com/t?ctl=3E6F7:7EB890

Learn all you need to know about code-signing technology, including the
goals and benefits of code signing, how it works, and the underlying
cryptographic and security concepts and building blocks. Download this
complete eBook today--free!
   http://list.windowsitpro.com/t?ctl=3E6FC:7EB890

Does your company have $500,000 to spend on one email discovery
request? Join us for this free Web seminar to learn how you can
implement an email archiving solution to optimize email management and
proactively take control of e-discovery--and save the IT search party
for when you really need it! On-demand Web Seminar
   http://list.windowsitpro.com/t?ctl=3E6F6:7EB890

Total Cost of Ownership--TCO. It's every executive's favorite buzzword,
but what does it really mean and how does it affect you? In this
podcast, Ben Smith explains how your organization can use
virtualization technology to measurably improve the TCO for servers and
clients.
   http://list.windowsitpro.com/t?ctl=3E6FB:7EB890


=== FEATURED WHITE PAPER =======================================

Is your email easily accessible, yet secure, in the event of an e-
discovery request? With the phenomenal growth in email volume and the
high cost of failing to comply with a discovery request, you can't
afford to lose any email. Download this free white paper and implement
a strong email retention and management system today!
   http://list.windowsitpro.com/t?ctl=3E6F9:7EB890



Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
