EYE ON SECURITY

The World of Secure Development.

August 2007

Symantec has released its Norton Internet Security 2008 and Norton AntiVirus 2008 for Windows XP Service Pack 2 and Windows Vista users. In addition, Norton Internet Security 2008 also features Norton Identity Safe to protect users’ identities when they buy, bank, or browse online. Moreover, the company claims to have optimized each product for greater performance, improved technical support, and reduced user interruption.

New to Norton in 2008:

• Browser Defender. Defends against drive-by downloads and other new or unknown threats that exploit vulnerabilities in Internet Explorer. Zero-day proactive protection against obfuscated code attacks using ActiveX, JavaScript, and VBScript that specifically target the browser.
• Norton Identity Safe. Keeps personal information and identity safeguarded when buying, banking or browsing online. It enables users to control which information is shared with Web sites, stores private information securely, and fills in passwords and Web forms automatically. It stores and encrypts passwords and other confidential data, automatically retrieving it at a user’s request to save time and protect it from being stolen by eavesdropping keystroke loggers.
• One-Click Support. Delivers the same access to support options previously available in Norton 360. This approach to support automatically troubleshoots common issues such as connectivity, licensing, and product activation. It also provides direct access to tech support via telephone, free email or free live chat -- all from within the main user interface.
• Home Network Feature. aps connected devices to provide a view of devices on the local network. Monitors the overall security status of other computers with Norton Internet Security 2008 or Norton AntiVirus 2008 installed. In addition, within Norton Internet Security 2008 this feature checks the status of wireless network security, alerts users when they connect to an unsecure wireless network, and provides expert advice to help users manage network security settings. Wireless network security status provides recommendations for securing wireless routers along with educational information about home network security.
• Performance. Compared to Norton Internet Security 2007, the 2008 user interface responds 22% faster and completes a quick scan up to 39% faster.

Additionally, both products include SONAR behavioral detection technology that protects against malicious code before standard virus and spyware detection definitions have been created. In Norton Internet Security 2008, SONAR runs a full scan every time an application attempts outbound communication, further protecting identity information by improving the firewall's effectiveness against unknown threats. This new functionality complements the existing security protection of Norton Internet Security, which includes rootkit protection capabilities as well as new Threat Interceptor vulnerability protection technologies.

Posted by Jon Erickson at 01:14 PM  Permalink |

From where you sit, is spam getting better or worse? Well, from the perspective of the folks at SonicWall, things aren't getting much better.

According to the statistics released by SonicWall last week, in fact, spam, viruses, and phishing attacks increased by 4 percent in Q1 2007, and comprised 37.4 percent of all e-mail, with the remaining 6.9 percent being good email -- a 3 percent increase over Q1 2007

SonicWall reports that there are 6.1 billion phishing e-mails sent world-wide each month. And according to the Anti-Phishing Working Group that translates to 37,438 unique phishing web sites detected in May 2007. Okay, that's a drop of over 18,000 from April, but still a big jump from the 7,484 in January 2006.

Most recently phishers have turned their attention to PDFs, Excel, and Zip files to embed come-ons. It was during the second quarter of 2007 that PDF spam emerged as a persistent threat. These types of e-mail attacks typically contain little to no text in the body but attach a PDF file, usually a stock or drug spam message containing malicious code, which, if opened, can be automatically downloaded onto a victim’ s computer.

Data regarding spam statistics collected by SonicWall's was pulled from its Smart Network database of over 1.3 million e-mail users. The results were based on aggregated results from the SonicWall Smart Network from April to July, 2007.

Posted by Jon Erickson at 05:33 PM  Permalink |

CERT has released for download a beta version of its managed string library for C.

The library was developed in response to the need for a string library that can improve the security of C-language programs while eliminating obstacles to widespread adoption and possible standardization.

The managed string library is based on a dynamic approach; memory is allocated and reallocated as required. This approach eliminates the possibility of unbounded copies, null-termination errors, and truncation by ensuring that there is always adequate space available for the resulting string (including the terminating null character). The one exception is if memory is exhausted; that is treated as an error condition. In this way, the managed string library accomplishes the goal of indicating either success or failure. The managed string library also protects against improper data sanitization by (optionally) ensuring that all characters in a string belong to a predefined set of "safe" characters.

For more information on the project, see:

• Specifications for Managed Strings.
• Managed String Course -- Safer Strings in C: Using the Managed String Library.
• Managed String Library for C: Strings are of special concern in secure programming
• Information Technology - Programming languages, their environments and system software interfaces: Specification for Managed Strings.

Posted by Jon Erickson at 02:33 PM  Permalink |

If you're interested in cryptographic algorithms, you might want to take a look at the National Institute of Standards and Technology's (NIST) Special Publication 800-78-1, Cryptographic Algorithms and Key Sizes for Personal Identity Verification. The recently released document has been modified to enhance interoperability, simplify the development of relying party applications, and enhance alignment with the National Security Agency’s Suite B Cryptography. In addition, a new cryptographic migration timeline has been developed based on advances in cryptoanalysis of algorithms as well as operational deployment considerations.

Posted by Jon Erickson at 07:39 AM  Permalink |