Thursday, May 14, 2015

Waiting for VENOM exploits

Today there is no talk about anything else in the INFOSEC experts community. The VENOM vulnerability, which stands for "Virtual Environment Neglected Operations Manipulation", is on everyone's lips: Maybe it is exaggerated or not and blah, blah, blah. We will join the discussion about this new bug with even its own logo, and we'll also discuss the adoption of the law which puts an end to the NSA, the Chinese group which "works" from Microsoft website and about how Canada has halved its spam.

VENOM is another super-bug of those which had spent years without anyone noticing, 11 in this case, and has affected thousands and thousands of virtual machines created with some of the most popular open source platforms, luckily, not all of them. It enables to take control of virtual machines and its hosting server and others close, for intellectual property theft, passwords, bitcoins and whatever emerges. Although there are patches, the patching frequency is always uncertain so the arrival of the first exploits are expected, and probably as we write these lines may already run through the underground.

Meanwhile, the US Congress House of Representatives makes history by passing a law which would limit the NSA competences when monitoring the US population. Although activist groups like the Electronic Frontier Foundation have criticized the law as too lax, it remains a major step on the road to curb the indiscriminate use of electronic surveillance tools by the secret services. It is expected other governments will follow suit.

Those who will be more difficult to curb are cybercriminals. We knew today via FireEye the height of chutzpah: The chinese computer mercenaries group APT17 have been using the Microsoft TechNet site for storing IP addresses of servers controlled by their botnets. The Chinese would not have even needed to storm the Microsoft website, but simply use its legitimate functions.

Another height of chutzpah is spam, which is not only not falling in the recent years, but increasing without anyone stopping it, and it is the reason why more legitimate businesses are using this despicable marketing tool without any fear. An example to follow would be Canada: within a year, spam has fallen by 37%. How? With a law which restricts when and how you could send commercial mail on the Internet and placing significant fines on those who do not comply.

By is sure some of our readers would love to live in Canada in this very moment. We send greetings to those who already read us from there.


Post a Comment