20080716 fun with rootkits and online gaming flaws - plembo/onemoretech GitHub Wiki

title: Fun with rootkits and online gaming flaws
link: https://onemoretech.wordpress.com/2008/07/16/fun-with-rootkits-and-online-gaming-flaws/
author: lembobro
description:
post_id: 488
created: 2008/07/16 19:34:32
created_gmt: 2008/07/16 19:34:32
comment_status: open
post_name: fun-with-rootkits-and-online-gaming-flaws
status: publish
post_type: post

Fun with rootkits and online gaming flaws

The Security Bites podcast is another great resource for keeping up with what’s happening in software security. Like Gary McGraw’s Silver Bullet Security podcast, its focus on O/S and application-level issues is an important corrective to the network-layer-centric discussions of the past decade.

The June 20 broadcast, entitled Of Rootkits and Online Gaming Flaws, had host Robert Vamosi discussing the title subject matter with author and security expert Greg Hoglund, whose Exploiting Software: How to Break Code is on my personal summer reading list.

Greg talks about the single greatest threat to the enterprise, “desktop exploitation”. Now that we’ve succeeded in securing our networks from attack by closing down any ports that remote packets might travel over to induce buffer overflows, the bad guys have turned to infiltrating through rich content — PDF documents, Flash, anything with embedded JavaScript. The problem is the enormous complexity of today’s desktop, with dozens of COM objects interacting together to render that content, all without any firewall or intrusion detection capability.
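As an added illustration of the kind of content-level inspection the desktop lacks (this is not code from the post or the podcast), the following flags PDF name tokens associated with embedded JavaScript and auto-execution, decoding PDF’s `#xx` name escapes so an obfuscated `/Java#53cript` still matches. The sample PDF is constructed for the example.

```python
import re

# Constructed minimal PDF: an /OpenAction that runs embedded JavaScript.
# "/Java#53cript" uses the PDF #xx name escape (0x53 = 'S') to hide the keyword.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /Java#53cript /JS (app.alert('hi')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Name tokens whose presence in a document warrants a closer look.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA",
               "/Launch", "/EmbeddedFile", "/RichMedia")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so obfuscated PDF names match the plain spelling.
    (This also touches #xx sequences inside strings/streams, which is fine
    for a triage scan but not for a faithful PDF parse.)"""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for each risky name token found in the bytes."""
    text = normalize_names(data)
    hits = {}
    for name in RISKY_NAMES:
        # Negative lookahead keeps /JS from matching /JSX-style longer names.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        count = len(re.findall(pattern, text))
        if count:
            hits[name] = count
    return hits


def verdict(hits: dict) -> str:
    """Summarise the scan: script wired to open/auto-actions is the worst case."""
    scripted = "/JavaScript" in hits or "/JS" in hits
    auto = "/OpenAction" in hits or "/AA" in hits
    if scripted and auto:
        return "script runs on open"
    if scripted or "/Launch" in hits:
        return "active content present"
    return "no active-content indicators"


if __name__ == "__main__":
    found = scan_pdf(SAMPLE_PDF)
    print(found, "->", verdict(found))
```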

Here’s my favorite Q & A from the interview:

VAMOSI: So are there good defenses for rootkits today or are we still on a learning curve? You mentioned that the AV companies miss a certain number of packed malware, are they missing the rootkits?

HOGLUND: Oh yeah, they’re, they’re missing everything. They simply don’t work, OK. And I have a sort of a cynical view on it. I’ll admit that. I’m at the other extreme of this where I’d actually say that we’ve wasted billions of dollars on snakeoil. We are just as insecure today as we were in 1999. The bad guys are still getting in. They still have their malware. They’re still stealing from us… So, yeah, they’re going to get in. And they are in. Right now every enterprise in the United States is having priceless intellectual property exfiltrated out of their networks, while we’re sitting here talking that is occurring.

They’re missing everything. We’ve wasted billions of dollars. On snakeoil.

Sure sounds familiar to this former government lawyer. More things change …

Copyright 2004-2019 Phil Lembo