Blog

What Will Go DOWNAD on April 1?

Posted by sarahk @ Mon, 30 Mar 2009 08:07:30 -0400

What Will Go DOWNAD on April 1? By Trend Micro

Much has been said about the DOWNAD worm (a.k.a. Conficker) and its enigmatic payload that will supposedly be unleashed on April 1st. There are two days to go until the moment of truth and the hype isn’t expected to die down. But online threat history tells us that trigger/activation dates of equally hyped malware have come and gone without much fanfare. Whether or not April 1 will indeed play out to be D-Day, the security industry will be keeping an eye out for any malicious activity, as it should.

What we do know at this point is that the latest variant, which we detect as WORM_DOWNAD.KK (first detected on March 4, 2009), includes an algorithm to generate a list of 50,000 different domains. Five hundred (500) of these will be randomly selected to be contacted by infected PCs beginning April 1, 2009 to receive updated copies, new malware components, or additional functional instructions.
Read more: “What Will Go DOWNAD on April 1?” - http://blog.trendmicro.com/what-will-go-downad-on-april-1/#ixzz0BFGI6FLh

Posted in Data Security

InChannel March 2009

Posted by sarahk @ Fri, 20 Mar 2009 11:43:49 -0400

Welcome to InChannel for March 2009

Please take a look at our new layout. You may notice variations of this layout over the coming months until we find just the right form and feel, but the information is always guaranteed to be insightful and valuable.

Thanks for reading!
-Interwork Team

Posted in Asset Management, Authentication, Call Recording, Collaboration, Connectivity, Data Loss Prevention, Data Security, Desktop Management, Email, End Point, Firewall, IP PBX, IP Phones, Instant Messaging, Integration, Internet Content, PoE Switches, Reporting, Switches & Gateways, Systems Management, Terminal Emulation, Unified Messaging, VoIP, Voice Over IP, Web Analytics

INVITE of death, does this spell doom for VoIP?

Posted by sarahk @ Thu, 19 Mar 2009 11:40:27 -0400

By Peter Cox, Founder and CEO of UM Labs Ltd.

The last couple of weeks have seen two significant VoIP vulnerability reports. The first, with the alarming name INVITE of Death, reported a vulnerability in an open source security product where a single malformed call request (or INVITE) can trigger a service failure (see http://ims-bisf.nexginrc.org/OpenSBC-vul.html). The tested product uses a popular SIP stack, so the same problem may appear in other products.
The second vulnerability, with the comparatively mundane name of SIP Digest authentication relay attack, is technically much more complex. The vulnerability was originally discovered by INRIA, a French National Research Institute, and has now been documented in an Internet Draft.
The attack relies on making a call to a target device and then sending a carefully designed sequence of valid messages which trick the target device into authenticating a second call made by the attacker. An attacker could use this technique to make calls via a commercial service provider at the victim’s expense. This is yet another example of a toll-fraud attack, a topic that I have discussed before.

Far from spelling doom for VoIP, the INVITE of Death attack simply demonstrates that VoIP is affected by exactly the same types of vulnerabilities as any other IP application. In this case a simple implementation error leaves the application open to a remote Denial of Service attack. This vulnerability has already been fixed by the product developers.
The relay attack is more of a concern. The attack is made possible by protocol design features. This means that careful planning and implementation, together with well-designed security controls, are needed to protect against the threat.
Both of these vulnerabilities underline an important point. VoIP applications are open to application-level security threats which can disrupt the service or allow an attacker to gain privileged access to the system.
Application-level threats require application-level security controls. So if you are relying on a generic firewall to protect your voice system, the chances are that it will not block or even detect these threats.

Posted in Call Recording, Firewall, IP PBX, IP Phones, PoE Switches, Switches & Gateways, Unified Messaging, VoIP, Voice Over IP



© 2012 Interwork Technologies Inc., All Rights Reserved. Contact: 800.461.8649, Tel: 613.238.8835
All company and product names are trademarks, or registered trademarks, of their respective owners.