<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/">
<channel>
<title>Techdirt. Stories filed under &quot;flame&quot;</title>
<description>Easily digestible tech news...</description>
<link>http://www.techdirt.com/</link>
<language>en-us</language>
<image><title>Techdirt. Stories filed under &quot;flame&quot;</title><url>http://www.techdirt.com/images/td-88x31.gif</url><link>http://www.techdirt.com/</link></image>
<item>
<pubDate>Wed, 20 Jun 2012 05:05:00 PDT</pubDate>
<title>Should We Want A 'Cyberwar'? It's A Lot Less Bloody Than A Real War</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20120615/16011719352/should-we-want-cyberwar-its-lot-less-bloody-than-real-war.shtml</link>
<guid>http://www.techdirt.com/articles/20120615/16011719352/should-we-want-cyberwar-its-lot-less-bloody-than-real-war.shtml</guid>
<description><![CDATA[ We've certainly written an awful lot about the <a href="http://www.techdirt.com/articles/20111023/02413916479/non-existent-cyber-war-is-nothing-more-than-push-more-government-control.shtml">ridiculousness</a> of the concept of "cyber war."  Even with things like Stuxnet and Flame, it seems silly to describe what amounts to either electronic espionage or a little hacking as "war."  But perhaps we were looking at it the wrong way.  In a Foreign Policy article, John Arquilla argues that <a href="http://www.foreignpolicy.com/articles/2012/06/15/cool_war?page=full" target="_blank">perhaps we should be embracing this kind of "cool war"</a> as it can be effective at stopping threats (even distributed ones like terrorist operations, rather than just centralized ones like governments), while causing minimal bloodshed:
<blockquote><i>
On balance, it seems that cyberwar capabilities have real potential to deal with some of the world's more pernicious problems, from crime and terrorism to nuclear proliferation. In stark contrast to pitched battles that would regularly claim thousands of young soldiers' lives during Robert E. Lee's time, the very nature of conflict may come to be reshaped along more humane lines of operations. War, in this sense, might be "made better" -- think disruption rather than destruction. More decisive, but at the same time less lethal. 
</i></blockquote>
And, indeed, if we believe that reports of "cyber attacks" being used to make planes fall from the sky are greatly exaggerated, perhaps we should welcome a "war" that mainly involves hackers vs. hackers trying to disrupt each other's "real" warfare capabilities.  But, of course, there are plenty of other issues that come up here as well -- such as how secret hacking programs can be abused.  If it gets governments to stop physical battles that lead to real lives lost, that does seem like an improvement, though I'm not sure anyone should think that continuing to attack each other through computers is ever a "good" situation overall.
 ]]></description>
<slash:department>one-way-to-think-about-things</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20120615/16011719352</wfw:commentRss>
</item>
<item>
<pubDate>Tue, 5 Jun 2012 05:05:00 PDT</pubDate>
<title>This Is Reporting? Fox News Ties Flame Malware To Angry Birds Because Both Use Lua</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20120604/04382119189/this-is-reporting-fox-news-ties-flame-malware-to-angry-birds-because-both-use-lua.shtml</link>
<guid>http://www.techdirt.com/articles/20120604/04382119189/this-is-reporting-fox-news-ties-flame-malware-to-angry-birds-because-both-use-lua.shtml</guid>
<description><![CDATA[ We're often told that the big media companies need to be saved because of all the important expensive reporting work they do.  And then we see something absolutely ridiculous, such as Fox News <a href="http://www.foxnews.com/scitech/2012/05/30/powerful-flame-cyberweapon-tied-to-powerfully-angry-birds/" target="_blank">linking the infamous Flame malware to Angry Birds</a>... because both use the Lua programming language (found via <a href="http://idle.slashdot.org/story/12/06/01/2124204/fox-news-ties-flame-malware-to-angry-birds?utm_source=slashdot&utm_medium=twitter" target="_blank">Slashdot</a>):
<center>
<a href="http://imgur.com/xWbvu"><img src="http://i.imgur.com/xWbvu.png" width=560 /></a>
</center>
<br />
This is, of course, a completely pointless linkage, which seems to serve no purpose whatsoever, other than (perhaps) to attract the attention of those who are obsessed with Angry Birds (an admittedly large group of people).  But just because two programs are written in the same language, it doesn't mean... well, it doesn't mean <i>anything</i> of importance whatsoever.  Instead, it just seems like Fox News and its "Chief Intelligence Correspondent" Catherine Herridge needed to fill some space and came up with something entirely pointless.  But, you know, we need those big professional news companies because of deep, hard-hitting stories like this one.
 ]]></description>
<slash:department>wow</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20120604/04382119189</wfw:commentRss>
</item>
<item>
<pubDate>Mon, 4 Jun 2012 19:37:00 PDT</pubDate>
<title>Flame Malware Signed By 'Rogue' Microsoft Cert, Once Again Highlights Problems With Relying On Certs</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20120604/04301819188/flame-malware-signed-rogue-microsoft-cert-once-again-highlights-problems-with-relying-certs.shtml</link>
<guid>http://www.techdirt.com/articles/20120604/04301819188/flame-malware-signed-rogue-microsoft-cert-once-again-highlights-problems-with-relying-certs.shtml</guid>
<description><![CDATA[ We've discussed in the past just how <a href="http://www.techdirt.com/articles/20110830/13243615741/evidence-suggests-diginotar-who-issued-fraudulent-google-certificate-was-hacked-years-ago.shtml">dangerous</a> our reliance on Certificate Authorities "signing" security certificates has become.  This is a key part of the way we handle security online, and yet it's clearly subject to abuse.  The latest such example: the now infamous Flame malware that targeted computer systems in the Middle East <a href="http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/" target="_blank">was signed by a "rogue" Microsoft certificate</a> -- one which was supposed to be used for allowing employees to log into a remote system.  Microsoft <a href="http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx?Redirected=true" target="_blank">rushed out a security update</a> over the weekend, but that doesn't change the core problem: the whole setup of relying so heavily on secure certificates seems to be increasingly dangerous.
 ]]></description>
<slash:department>time-to-move-forward</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20120604/04301819188</wfw:commentRss>
</item>
<item>
<pubDate>Mon, 4 Jun 2012 16:29:00 PDT</pubDate>
<title>F-Secure Explains Why It Missed Spotting Flame, Despite Having Seen It Two Years Ago</title>
<dc:creator>Mike Masnick</dc:creator>
<link>http://www.techdirt.com/articles/20120604/04493919190/f-secure-explains-why-it-missed-spotting-flame-despite-having-seen-it-two-years-ago.shtml</link>
<guid>http://www.techdirt.com/articles/20120604/04493919190/f-secure-explains-why-it-missed-spotting-flame-despite-having-seen-it-two-years-ago.shtml</guid>
<description><![CDATA[ With all the attention on the Flame malware, there's a great post over at Wired by F-Secure's Chief Research Officer, Mikko Hypponen, explaining <a href="http://www.wired.com/threatlevel/2012/06/internet-security-fail/?utm_source=feedburner&#038;utm_medium=feed&#038;utm_campaign=Feed%3A wired27b %28Blog - 27B Stroke 6 %28Threat Level%29%29" target="_blank">why various security firms totally missed Flame</a> (and Stuxnet and DuQu) for quite some time -- despite samples having been sent all the way back to 2010.  What's refreshing (even as it's surprising) is to see someone so forthright about this being a failure on his part:
<blockquote><i>
What this means is that all of us had missed detecting this malware for two years, or more. That&#8217;s a spectacular failure for our company, and for the antivirus industry in general.
</i></blockquote>
It's so rare to see someone admit to a mistake -- especially one that seems so big (even if it doesn't really impact most people outside of the Middle East).  Part of the problem, he notes, is that spotting this kind of thing is just beyond what companies like his can do:
<blockquote><i>
The truth is, consumer-grade antivirus products can&#8217;t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose. And the zero-day exploits used in these attacks are unknown to antivirus companies by definition. As far as we can tell, before releasing their malicious codes to attack victims, the attackers tested them against all of the relevant antivirus products on the market to make sure that the malware wouldn&#8217;t be detected. They have unlimited time to perfect their attacks. It&#8217;s not a fair war between the attackers and the defenders when the attackers have access to our weapons.
<br /><br />
Antivirus systems need to strike a balance between detecting all possible attacks without causing any false alarms. And while we try to improve on this all the time, there will never be a solution that is 100 percent perfect. The best available protection against serious targeted attacks requires a layered defense, with network intrusion detection systems, whitelisting against known malware and active monitoring of inbound and outbound traffic of an organization&#8217;s network.
</i></blockquote>
He later concludes: "We were out of our league, in our own game."
<br /><br />
Of course, this is the nature of a security system that is based on reacting to threats, rather than preventing security holes and risks, as he more or less explains.  In the end, there's a bit of a cat and mouse game going on here, and no one's going to be able to catch all malware.  But as even Hypponen admits, the best solution is to rely on more than one method for trying to keep systems secure, rather than believing that there is a single bullet.
 ]]></description>
<slash:department>cat-and-mouse</slash:department>
<wfw:commentRss>http://www.techdirt.com/comment_rss.php?sid=20120604/04493919190</wfw:commentRss>
</item>
</channel>
</rss>