Archive for October, 2007

17
Oct

Escalation of Privilege in Windows XP/2003

The Symantec Security Response blog reports a new local escalation of privilege vulnerability for Windows XP and Windows Server 2003 (fully patched and with latest Service Packs applied). Apparently Microsoft is already aware of the issue. Some driver included by default seems to be the culprit.


16
Oct

Forensics article in Spanish

If you can read Spanish, I’ve posted an article in three parts on my personal blog about Computing Forensics.

UPDATE: The folks at Juris have translated the article into Portuguese (part I, part II, part III).

12
Oct

Storm Analysis

Don’t know what to read this weekend? :)

“A Multi-perspective Analysis of the Storm (Peacomm) Worm” by Phillip Porras, Hassen Saidi, and Vinod Yegneswaran. Also, there are some useful links on the same site with further info on Storm.

10
Oct

Exploits of a mom


Seen at xkcd

04
Oct

Counterintelligence

Interesting article on “counterintelligence” initiatives to proactively stop insider attacks and information leaks: “Insider Attacks Put IT Security on the Offensive” by Tim Wilson at DarkReading.com.

“Companies are beginning to see that most of the tools they are using — firewalls, intrusion prevention, log analysis, even a lot of the data leak prevention tools — are really only useful after you’ve been compromised,” says Kevin Harvey, senior sales engineer at Fidelis, who has participated in hundreds of insider threat assessments for large enterprises. “What they’re looking to do now is develop ways to proactively seek out the threats and prevent them, rather than just find out who did it.”

I wonder if it’s possible to implement this without companies misunderstanding it and turning their IT environments into Orwellian “ubiquitous law-enforcement” tools?

Another key piece of the “counterintelligence” puzzle is monitoring employee activity. “In our environment, any employee can use an online form to report suspicious activity,” says an IT security officer at a large banking company, who asked not to be identified. “That alerts corporate security, which then investigates.”

[…] Many experts also recommend using employee monitoring tools, which can help identify unusual behavior and activity at odd hours.