As it turns out, students in many fields of IT, such as software development, are still being taught the lessons of old rather than how to proactively design software that defends itself from attack. This is the finding of a recent survey, which shows that many programmers and developers-to-be are not getting enough coursework on integrating security into their systems. They are left to fend for themselves and have to rely on patches to overcome development bugs that could have been fixed before they became problems in the first place.
I started out as a programmer in the glory days of FoxPro and C++, when the kinds of events we have now were non-existent or not as malicious as they are now. Back then, they simply messed up the display or garbled the contents of a floppy, with no bearing on phishing or vishing and the myriad of things today’s malware does. Security has become such an issue in development that people today have to rely on anti-virus programs and other intrusion prevention systems for their systems to remain reliable. Incorporating more security into applications would prevent weaknesses even if bugs are present in the program, for no system is totally foolproof. We would still need these intrusion protection systems, yet we would not be as highly dependent on them for basic security needs.
Most companies rely on million-dollar contracts with software developers who design software to protect their software. McAfee, Symantec and many other security software developers have shifted their focus more toward intrusion prevention and less toward anti-virus, for today’s malware has reached a level of sophistication at which it can modify itself to elude the anti-virus programs of the past. Integrating encryption and other security provisions into the software itself may take longer, but it would provide a level of security that hackers would not find easy to break. Education is the key and knowledge is power, so giving the next generation of developers the knowledge to incorporate security greatly increases the level of power over these malicious programs and the hackers who make them.
Archives for May 2008
Open Sourced Developer Reveals a Secret
The secret is one he had forgotten for 25 years, dating back to when he was a developer for BSD, which is the forerunner of today’s open sourced programming languages. The length of time the bug has remained in the system is, so to speak, so critical that he warned people of the problem as it came to him. He investigated further and found that all the derivatives of BSD still carried the same bug that he forgot to correct back in the early days of the open source drive. Why is this so significant? The error, though a quarter of a century old, still exists in operating systems like Mac OS X, which is a BSD derivative. FreeBSD, NetBSD and DragonFly BSD all carry the same old bug, so Marc Balmer had to effect all of the changes immediately so that no further problems arise.
Open sourced advocates claim that they are faster when it comes to fixing bugs: when a member of the community reports one, a consensus is reached and a subsequent patch is issued, with mail sent to all those concerned. This incident highlights the need for better analysis of the tools we use on the internet. Imagine a vulnerability that has existed for 25 years, with the solution provided by the original developer. If he had passed away, who would have realized such weaknesses existed? This may be the explanation for some of the biggest security threats we have been encountering all this time with malware. So the lesson would be not to rely totally on technology, for it is still the man who makes the machine (computer) and tells it what to do and when to do it.
Microsoft’s To and Fro
The news that Microsoft was going to drop everything to do with Windows XP came as a shock to all, for not everybody was ready to jump onto the Vista bandwagon, which has nothing to show in the way of the reliability and stability that XP has shown. As with their move to pull the plug on Windows 98, many rose up and took up arms to show their disgust. Many saw it as a move to force people to upgrade to a newer operating system even when the old one was still working just fine. Windows XP has reached a level of stability that exceeds that of Windows 98, but the company’s initial statement that it was pulling the plug irked so many people that it decided to keep supporting XP until 2009. They also said that sales of OEM and packaged copies of XP were to be stopped and that it would be available only to ultra-portable sellers.
The ups and downs of their decisions may show that the company is feeling the pressure from the open-sourced community and is trying to keep hold of its piece of the pie in the IT market, which may be in danger of shrinking. Their failed bid to acquire Yahoo as a move against Google shows the company’s failure to realize the significance of advertising. They were hoping to acquire Yahoo to use as their internet marketing branch and to get a bite of the search engine market at the same time. They have extended support for XP until 2009, but the problems with XP SP-3 were so great that they had to hold its release a week or so back. The update is now available for automatic or manual download from Microsoft’s TechNet and through AutoUpdate.
McAfee Detects Malware aimed at Tibetan Supporters
The movement to free Tibet from Chinese rule has seen several web sites and organizations spring up to fight for Tibetan independence from Chinese Communist rule. The government threatened to meet the movement with force, and it did, resulting in the much-publicized crackdown on the remote Chinese territory. The Trojan, nicknamed FriBet by McAfee, is quite unique in the sense that it is the only form of malware that has been specifically designed to attack a specific type of computer, one that supports the pro-Tibetan movement. The malware has been identified as having infected two web sites that have expressed support for the movement, and the Trojan then seeks all databases that are linked to those sites. Visiting the infected sites will trigger a seek operation that downloads the payload onto the machine, which in turn spreads it to other sites that it visits.
This raises the suspicion, though the experts are not raising the idea, that it may have been developed to wreak havoc on sites the Chinese government has identified as supporters. The Chinese link has yet to be officially declared, but anyone knows these types of attacks are a common practice of hackers. The surprising fact is that it is similar to a Patriot, which locks on to a target designated by mission control, effectively getting its target in any weather. The aiming is quite precise, which leads conspiracy theorists to the conclusion that it may be an attack on these sites from the inside. Much is to be learned from the Trojan as it is tracked and detected throughout the globe. Major developers of anti-virus software have been able to remove and block it, but unprotected machines may prove to be too easy a target for the Trojan.