Saturday, April 14, 2012

Worms in Apples...


Apple's operating systems were long lauded by loyal users for their lack of viruses, a favourite bullet point in many heated Mac vs Linux vs Windows debates. Many Linux distributions are likewise (mistakenly) said to see very little malware compared with Windows. The fact of the matter is that the main reason there appears to be less malware for these operating systems is that they used to be far less widely used than they are today: why would an attacker spend time and skill targeting a community that is a fraction of the size of another? This does not mean that such malware does not exist. Over the past few years Macs have become more popular with average computer users and media and software developers alike, so more attacks directed at the Mac are only natural.

Recently in the news, as you may have heard, a trojan by the name of Flashback has infected an estimated 600,000 Macs. It spreads in a way that seems unheard of in this age of user access controls and authentication-based security. Normally one would need to click on a bad link, download and run an infected program, or hit “allow” on a prompt you know nothing about. Not Flashback. Its later variants exploit an unpatched vulnerability in Apple's Java runtime so that merely visiting a compromised or malicious web page is enough to install the malware, with no prompt and no password (a drive-by download). An earlier method of infection was a spoofed Adobe Flash Player installer, which is where the name comes from.

A quote from a New York Times online article says: “Several security experts have criticized Apple as slow to react, considering that Oracle issued a fix to the Java security hole in February. Apple did not issue a fix until more than a month later.”

As another quote from the article agrees with my thoughts on this, Apple and its users were so confident that their system was tightly secured that there was a prominent lack of anti-virus, anti-malware, and other protection. This fact alone makes Mac users an easy target, and the lack of scrutiny means more vulnerabilities stay unfound and unpatched for malicious hackers to use. Since there were no security “risks” to patch before, I can't imagine how many vulnerabilities are available to exploit. In defense of Windows, as I am a Microsoft lackey, we have been faced with a never-ending bombardment of malicious software, which has effectively sharpened response times and improved the overall security and solidity of the operating system. I won't write Apple off, but they have a large curve to overcome as far as getting with the times in the never-ending battle against malice.

In this day and age, it is a big mistake for a software company to be lulled into a false sense of security merely because it has never been targeted.  It is akin to always leaving the front door of your house wide open because you have simply never been robbed.  I feel as though it is a good thing, though, as far as Apple users being attacked.  Fool me once, shame on you; fool me twice, shame on me.  If anything, it will get Apple developers to put up their guard, and give anti-virus and anti-malware software designers an incentive to develop more robust paid services, since there will be a growing market for them.  The security blanket is gone, and people will realize that they do in fact need to practice safe computing and proper protection of their Macs.

Philosophy of Security...


When talking about security on the internet and within computer systems and networks, people always say to assume the worst. There is always a remote possibility, so as a security engineer you cannot ignore entire classes of threats simply because their likelihood is very low.

This article by Kelly Jackson Higgins on DarkReading.com explains that the likelihood of a malicious intruder already being inside your network is actually a lot higher than you or I would assume.

The RSA Conference is an annual security conference held in San Francisco that focuses on cryptography and progress in the field of internet security. Kelly Jackson Higgins reports that one of the most interesting new tools in system security is a device that monitors for intruders who have already made it past the perimeter. A tool like this is similar in spirit to what Cliff Stoll used in tracking down and apprehending the hacker Markus Hess on the Lawrence Berkeley Laboratory systems in 1986.

When talking about security in a commercial setting, most talking points concern the first line of defense: firewalls, traffic limiting and monitoring, strong passwords, trustworthy and reliable users, and things of that nature. This tool, however, assumes the worst. As Darin Anderson, U.S. country manager for Norman Data Defense Systems, is quoted saying, “The dirty little secret in our industry is that everyone has been compromised,” and other prominent folks in the security industry agree. Security breaches are not a matter of if but when. This is a massive shift in security philosophy in my opinion, and a welcome one. Keeping a system secure from external intrusion by unauthorized users has been the priority, but I think it is just as important to have proper counter-measures in place for when your system does finally become compromised. No system is perfect. If there were a perfect security system there would be no need for any progress in the industry; with a quickly evolving technology market, there will always be bugs and holes, in software and in thinking, that need to be repaired.

The tool sits inside a network and tracks the suspicious activities of intruders who are already in. The article attributes this philosophical shift to the fact that most attacks have become highly sophisticated: they are driven by the attackers' desire for financial gain, so an attack's success and its payoff are tightly related to one another.

The saying goes, “Keep your friends close but keep your enemies closer.” I feel as though this was a shift in security attitude that needed to happen. You can't always rely on your system of intricate firewalls and protocols to keep you safe, as we all know that human error comes into play with any sort of rule-based protection. You cannot prevent someone from making a mistake, so having the proper counter-measures in place along with proper defenses may be just what this industry needs, even if it is simply a matter of deterrence and countering the hacker's incentive with a greater risk of detection.


Microsoft tanks botnet progress...


A botnet, at its most basic, is comprised of computers infected by malware that periodically report their status to, and await commands from, a command and control (C2) server somewhere on the internet. The commands range from proxying traffic so the operator can browse anonymously, to downloading more malware, to executing code that launches denial of service attacks.
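The periodic check-in just described is also what gives a bot away on the network. As an added example that is not part of the original post or of the article it discusses, the script below scans constructed proxy log lines (timestamp, client IP, destination host) and flags client/destination pairs whose requests arrive at suspiciously regular intervals, the signature of a timer-driven check-in rather than a person browsing. The log format, the host names, the 10.0.0.7 client and the 60-second interval are all assumptions made for the example.

```python
"""Flag hosts that beacon to a C2 server at regular intervals.

Constructed sample: one bot checks in with its controller roughly every
60 seconds while the same machine's ordinary browsing is irregular.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (assumed format): "<timestamp> <client_ip> <destination_host>"
SAMPLE_LOG = """\
2012-04-14T10:00:00 10.0.0.7 c2.example.invalid
2012-04-14T10:00:12 10.0.0.7 news.example.com
2012-04-14T10:01:01 10.0.0.7 c2.example.invalid
2012-04-14T10:01:45 10.0.0.7 mail.example.com
2012-04-14T10:02:00 10.0.0.7 c2.example.invalid
2012-04-14T10:02:59 10.0.0.7 c2.example.invalid
2012-04-14T10:03:20 10.0.0.7 news.example.com
2012-04-14T10:04:01 10.0.0.7 c2.example.invalid
2012-04-14T10:05:00 10.0.0.7 c2.example.invalid
2012-04-14T10:09:30 10.0.0.7 news.example.com
"""


def parse_log(text):
    """Yield (client_ip, destination, timestamp) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        yield src, dst, datetime.fromisoformat(ts)


def find_beacons(text, min_hits=5, max_cv=0.15):
    """Return {(client_ip, destination): mean_gap_seconds} for pairs whose
    request spacing is regular.

    Regularity is measured by the coefficient of variation (stdev / mean) of
    the gaps between consecutive requests: human browsing produces a high CV,
    a timer-driven check-in a low one. Pairs with fewer than min_hits
    requests are skipped because a handful of gaps says nothing reliable.
    """
    by_pair = defaultdict(list)
    for src, dst, ts in parse_log(text):
        by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # avg == 0 would mean duplicate timestamps; never divide by it.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[pair] = avg
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: check-in roughly every {interval:.0f}s")
```

On the constructed sample only the c2.example.invalid destination is reported (mean gap 60 seconds, CV about 0.02); the news and mail hosts are either too infrequent or too irregular. Real bots add jitter and sleep schedules to defeat exactly this check, so in practice the threshold is tuned against a baseline of the network's own traffic and combined with other signals rather than used alone.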

Microsoft took down two of the command and control machines in the Zeus botnet on its own accord, through its own federal court filings and actions.

This article from Kelly Jackson Higgins on DarkReading explains that law enforcement agencies, tech firms, and non-governmental organizations around the world work together toward tracking and disabling botnets.

Law enforcement across the globe is outraged at the lack of cooperation.  Apparently Microsoft obtained US federal court orders and moved against the botnet control computers by effectively killing off two IP addresses. The concern is that Microsoft's actions both harmed ongoing investigations into locating the botnet masters and damaged valuable trust among the various entities involved in tracking and disabling botnets around the world.

After the debacle, Microsoft was conspicuously absent from a recent take-down of the Kelihos (Hlux.B, Kelihos.B) botnet. The method of take-down? 'Poisoning' the peer-to-peer network with the researchers' own code, which points infected machines at a dummy control center (a sinkhole) that never issues commands, thereby sapping much of the power of the botnet.

“The Honeynet Project has led the industry in helping define proper botnet take-down procedures. Botnet take-downs are complicated and care must be taken not to overstep the legal or other boundaries, according to Honeynet officials.”

The question remains: how should this type of act be handled legally? Microsoft obviously has a metaphorical gun pointed at its head for its flippant maneuvers, but I believe that they could have been completely justified under the right circumstances. Yes, I agree that harming years of research and investigation is a fairly large mistake; however, if it happened in person, would you be penalized? What I mean is, if you saw a wanted criminal on the street (a rapist, murderer, or kidnapper), would it be wrong to turn them in, or to make a snap decision and attempt vigilante justice if it seemed like this was a once-in-a-lifetime chance to stop another crime?