You’d Think a Security Product Would Make You More Secure!

October 29, 2009

This week we hacked a bank using an exploit that takes advantage of a vulnerability in Symantec’s Enterprise Anti-Virus Product (nerds say SYM09-007).   And when we say hacked we are not talking about getting access to someone’s iTunes library.  We were able to gain full domain admin privileges (equivalent to “god-like-privileges” in the Windows world).  And with these privileges we were able to access any system in the domain and steal/change/delete all data.  This week’s breach demonstrates that keeping Windows up-to-date is only a part of the solution.

You see, the bank we hacked this week was fully patched with regard to Windows.  They have several hundred Windows workstations and servers, all fully patched.  They had run their patching tool and it reported that all systems were patched.  Unfortunately, their tool only reports Windows patches and not updates to other systems, utilities and applications.

We recommend that all organizations carefully subscribe to notifications and/or monitor for security patch releases for all of their operating systems, utilities and applications.  This year alone we have exploited vulnerabilities in Symantec, Adobe, and many other applications.  Each of these vendors has a webpage dedicated to security updates for its products.  Some even offer a subscription to an email alert.  We recommend you take the time to stay current (at least every two weeks) with the updates at these sites.
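One way to check a host for the gap described above, where a Windows-only patch report says nothing about third-party software. This is an added example, not part of the original post: the product names and minimum versions in `$Baseline` are constructed placeholders, and the function names are hypothetical.

```powershell
# Added example, not from the original post. Names and versions in $Baseline are
# constructed placeholders; fill them in from each vendor's security advisory page.
$Baseline = @{
    'Example Endpoint Protection' = '11.0.4000'   # constructed
    'Example PDF Reader'          = '9.2.0'       # constructed
}

# 64-bit and 32-bit uninstall keys: where third-party installers record versions.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ThirdPartySoftware {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.Publisher -notlike 'Microsoft*' } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Test-PatchLevel {
    param($Software, [hashtable] $Baseline)
    foreach ($app in $Software) {
        $min = $null
        foreach ($name in $Baseline.Keys) {
            if ($app.DisplayName -like "$name*") { $min = $Baseline[$name]; break }
        }
        $have = $null; $need = $null
        $status = if (-not $min) {
            'NoBaseline'    # installed, but nobody is tracking its advisories
        } elseif (-not ([version]::TryParse([string]$app.DisplayVersion, [ref]$have) -and
                        [version]::TryParse($min, [ref]$need))) {
            'Unparsed'      # not a dotted-numeric version; compare by hand
        } elseif ($have -lt $need) { 'Outdated' } else { 'OK' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $app.DisplayName
            Version  = $app.DisplayVersion
            Minimum  = $min
            Status   = $status
        }
    }
}

Test-PatchLevel -Software (Get-ThirdPartySoftware) -Baseline $Baseline |
    Where-Object Status -ne 'OK' |
    Sort-Object Status, Name |
    Format-Table -AutoSize
```

The `NoBaseline` rows are as important as the `Outdated` ones: they are the installed applications whose vendor advisories nobody is yet watching.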

See the following links for a few of the vendor applications you have in your environment:

We wish it were easier but it’s not.  From ISACA’s Journal, Volume 5, 2009 (Authors Sethuraman and Adaikkappan), “Information Security is not a destination, it is a journey.  It is a continuous practice.  To achieve a continued success in information security, an organization needs to focus continuously on improving its information security practices as the technical environment keeps changing and new threats arise.”

– TrustCC

