This week in Infosec - 2008-09-01

A snapshot of what’s been talked about in the IT Security realm over the past week.

Who’s responsible for Cyber Sec?

Lots of talk lately over who’s responsible for Cyber Security - the government or the private sector.

I suspect that since this is an election year, everyone’s trying to position themselves to be in the best position to get the ear of the next administration.

A smattering of articles

Threats

BGP Vulnerable
Some articles about the BGP hack executed by Anton “Tony” Kapela, data center and network director at 5Nines Data, and Alex Pilosov, CEO of Pilosoft, who showed their technique at DefCon.

Revealed: The Internet’s Biggest Security Hole

No one seems to be freaking out about this like they were with the DNS vulnerability discovered by Dan Kaminsky, but time will tell.

Perhaps it’s because you need a BGP router :)

Dan actually posted some good details on the actual threat:
The Emergence Of A Theme

Worth a read; start at the section titled “Kapela and Pilosov’s BGP flaw”.

Microsoft ActiveX
I didn’t even bother to read the bulletin on this one, but the vulnerability is another example of why we should focus on attack surface reduction…

Microsoft Windows Media Services “nskey.dll” ActiveX Control Remote Buffer Overflow

The description leads to perhaps the most useful piece of documentation from Microsoft:
How to stop an ActiveX control from running in Internet Explorer

Note: The article fails to mention how to uninstall the controls for the safest form of mitigation.

To be fair to Microsoft, there were a few other ActiveX vulnerabilities disclosed this week as well.

See you next week.

Bill

One Response to “This week in Infosec - 2008-09-01”

  1. markez linda Says:

    Just grabbed the feed… thanks for posting this.
