Monday, February 5, 2018

Foreign body

When an organ is transplanted, there is a chance of rejection. When this happens, the recipient's immune system detects that the organ isn't its own, that it's a stranger, and therefore treats it as an attack. To avoid this situation, doctors use drugs to inhibit the recipient's immune system.

This week, as you all know, has been a tumultuous one because of two visitors: Meltdown and Spectre. For that reason, at CIGTR, we want to bring to light the interview that David Dufour, senior director of cybersecurity and engineering at Webroot, has given to Info-Security Magazine. Dufour calls these two elements of malware "fascinating" and explains how events around these intruders have developed.

As Dufour explains, Meltdown and Spectre, despite coming hand in hand, do not cause the same damage: "With Meltdown we will be reasonably well protected as there is a software solution for it, but Spectre is a family of problems and we are likely to continue seeing these problems in the coming years."

Both viruses were very well studied, and once the attack was over the reconstruction began. A survey produced figures that leave no one indifferent: it took 20 hours and more than 50 thousand dollars to try to remedy the damage caused. Even once the work is done, the area is not completely clean. As Dufour points out, there are chips that cannot be patched because of the way they were built and programmed. And this is precisely the biggest vulnerability of IoT devices. About these still-unpatched chips Dufour says: "Maybe they're still there, no one discovers them, until someone makes money thanks to their hacking, so I think it's something we have to watch out for."

Meltdown had the ability to read a page file in memory, and, as with most attacks, this requires the attacker to write something to execute in memory. "With Meltdown, it was more about being able to steal information from the file on the page, I do not think anyone has shown that they can read the file on the page." Spectre, however, is different because it is a whole family of problems, and it is not yet very clear what is going to happen. According to Dufour: "There is no software to fix the Spectre problem so now the solution is to patch every problem as it comes to light."

When the patches were released, Microsoft suspended them because they caused problems on devices, despite their being the cure that stopped the two intruders. The update also led to the start of antivirus programs on some devices because the patched system is not compatible with security programs. Dufour points out that in the case of his company, Webroot's SecureAnywhere, the update was supported by their security systems, so these two viruses were not a big problem for them.

Dufour points out that the problems of patching have affected larger companies more than small ones, since that was where the attackers could make the most profit. However, he also points out that many of the aspects of patching have been sensationalized as the "hack tricks" that in most cases require physical access. "As an engineer, if I have the ability to access permissions, I do not spend the time spinning around and I go directly to where I want to attack."

As in organ transplants, once a fix for Spectre and Meltdown was found, many devices rejected the cure because it was considered a foreign body that could be attacking the system. The similarity between cybersecurity and medicine is striking, and we hope that, like the health sector, the security sector will be treated as a basic right (or obligation) within companies.

