Posted by Monte Robertson on Fri, Jul 23, 2010 @ 05:33 PM
Part of the problem with Malicious software is that it can be found everywhere. In this case it was found in the supply chain for Dell servers where the W32.Spybot worm is embedded in the flash of the Mother boards.
More on the story from the good folks at the Register HERE
Servers affected so far:
PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410
When these things pop-up it is safe to bet that what is being reported is just the tip of the iceberg. The real issue could be many times larger than what is initially reported. So it begs the question, who is watching the assembly processes of all the large hardware manufacturers and how closely?
One could hope that someone is reseraching into the source of the computer security vulnerability to find out what else is infected out there.
Malware is big business and getting it installed during the assembly pipeline is going to become more attractive to those looking to do harm. Maybe it is time to go back to building our own machines so we know they are clean?
Some say that Antivirus software should catch it, that is if the owners are running Antivirus software on the server...
Computer security is not just for the desktops and laptops, it should be considered even for computers that do not go on the Internet or just have parts replaced.
Stay safe out there.
Security as a Service for Businesses who have better things to do. 303.232.9070
Posted by Monte Robertson on Fri, Mar 26, 2010 @ 08:13 PM
It appears that the US is in serious trouble when it comes to Cyber security.
Experience has shown us here at Software Security Solutions that most consumers (home computer users) feel that Antivirus software is all they need and that the Internet is a safe place (surprise, it is not). Businesses focus on keeping their business going, and not so much on computer security. Being part of a small business I certainly understand that focus.
Not much effort is required to find hard evidence showing that security software and security appliance hardware is not holding up to the latest threats. See an example despite all the efforts of the Antivirus and Internet Security Industry here.>Cyber threats to the US<
Cyber security requires much more than security software and hardware appliances can provide both at home and at work. It requires understanding, work, process and much more. The bottom line is; if we choose to connect critical information (making us a target) to the internet, then prepare to get the just desserts.
So what can we do? Right now the answer is Layered Security. The answer is complex, for now, but first we need to rewind a bit.
Job one could be to standardize. Job two could be to simplify.
Security Standards: (for Antivirus Software Manufactures)
Standards make it easier to manage and support whatever it is we are trying to do, if the standards are not written by a crack-pot. Why can't we start by standardizing the names of the threats we do know about? It is no secret that most the Antivirus software companies' detections are pretty much the same when we factor in the exposure risk. So why all the smoke and mirrors of every Antivirus company calling the same threat something different? What good does it do, and how does that help protect the end users?
Simplify - (for Antivirus Software Manufactures and end users alike)
Do we really need every widget, bell and whistle? Do we really need all those different programs doing the same thing differently? How are we at making sure every one of those programs on each computer is secure and up to date? What can we do to simplify, thus reducing the threat surface area? Is there opportunity in standardizing and simplifying our computer security?
When life is simple, life is good. Just ask someone that doesn't own a computer. They seem to get along just fine.
Security as a Service for Businesses who have better things to do. 303.232.9070
Posted by Monte Robertson on Sat, Feb 27, 2010 @ 01:35 PM
Rat's, Worms and Viruses - oh my!
I saw a picture of an Antivirus Ad running in a store-front window the other day. The ad used a bunch of in-sync monitors intended to give the passerby an uneasy, but at the same time safe feeling, about being on the Internet. It occurred to me this was a very creative way of presenting FUD.
Fear, Uncertainty and Doubt is a main motivator driving our economy. These are key emotions played upon by many industries because fear is big business.
I am not a big FUD fan because it is not a fair tactic, especially when used on those who are easily impressed or naive about things of this world. It is hard to draw a definitive line between what should be feared and simply presenting the facts. Wouldn't it be better to just promote the positive and not accentuate the unknown?
So, maybe this begs the questions;
1. Is the Internet to be feared? And;
2. Does Internet Security really exist?
The nature of the Internet is a medium to mostly share information. If you have information that is not to be shared, it probably should not be connected to the Internet. Why? Because of this fact; you cannot simultaneously share and secure the same data. Simple sounding, yet harder make real. Or is it?
Reading what I read daily about Internet security, the uneasy feeling about being on the Internet is well deserved. Experience tells me that the safe feeling about Internet Security must be worked hard for and earned.
So yes, Internet Security really does exist and is a direct result of the choices we make. Life is a risk, so we live with the choices we make every day. Choose well. That's the best one can do.
Security as a Service for Businesses who have better things to do. 303.232.9070