  • Hacking the Human Body

    Years ago I was sitting in a healthcare event when a researcher was talking (very excitedly) about the idea of a pacemaker with Bluetooth access, to fine-tune the system and read information from its sensors. Even though this might be a great idea medically, I would be fairly reluctant to have such a thing in my chest…

    At security events I fairly often just switch on my mobile phone and look for discoverable Bluetooth devices – I always find an alarming number. Even though this is by itself no vulnerability, it would be interesting to see what happens if my mobile asked me: “Do you want to connect with Joe’s pacemaker?” Scary idea…

    There is now research going on into what happens if implantable technology gets infected with a computer virus. Interesting read: First human 'infected with computer virus'

    Roger



  • Identity in the Cloud

    Kim Cameron, one of our key identity architects, gave an interesting presentation on identity in the cloud, followed by a corresponding interview. Both are worth looking at if you are planning to move in the direction of the cloud, especially as identity is definitely one of the key challenges there.

    This is Kim's presentation:


    If you want his slides, here they are.

    And finally he was interviewed after the presentation. It gives you more insights into our thoughts around identity and identity federation:


    Remember, from my point of view, identity processes, management and federation are key ingredients for a successful cloud strategy.

    Roger



  • Update on the Khobe “vulnerability”

    Just an update on my recent post on The “KHOBE – 8.0 earthquake” – What’s behind it. In the meantime we worked with Matousec and confirmed that neither Microsoft Security Essentials nor Forefront Client Security is affected by this “vulnerability”.

    So, to me it is as I stated in that post: the goal is to make noise, certainly not to work on a “scientific” basis; otherwise they would have listed not only the “vulnerable” products but also the ones that could not be exploited.

    Roger



  • The “KHOBE – 8.0 earthquake” – What’s behind it

    On various social media this article is actually getting tremendous coverage: KHOBE – 8.0 earthquake for Windows desktop security software. Now, before you read the rest here: I am not an AV specialist, nor do I have very deep knowledge of the details of our file system drivers and the Windows kernel. I just try to apply common sense to this attack.

    I was reading through the article and I definitely understand that if you are able to publish a table with almost all the AV vendors flagged as “vulnerable”, you will draw some attention to your website and to your work. That the table does not contain a single AV solution which is not vulnerable is kind of strange to start with – oh, it just seems that they forgot to mention a few ;-) – but still you make a lot of noise, which seems to be the goal here!

    Now, applying common sense to what they did: my understanding is that you have to own the box in order to run the attack – if I am not completely mistaken, you have to be admin to run it. Wow, now I am really scared of this: if somebody owns my box and is admin on it, the most important thing they will do is to run an attack which depends on getting the timing right, just to switch off my AV? Come on. You just switch off the AV with a script or do it manually, but for sure not with a complex attack.

    This is simple risk management. If the biggest risk in your security model is that an attacker who is already admin on a box runs this attack – I have to congratulate you. If not, well, let’s go back to the real problems we have to address.

    Roger



  • Microsoft Security Intelligence Report – What it means for EMEA

    “Unfortunately” I was on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from an EMEA perspective.

    One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a huge amount of data we can collect from different sources like the Malicious Software Removal Tool, Microsoft Security Essentials, Defender, etc., provided you agreed to share your data with us.

    If we look at the heat map in EMEA, this is the picture you will see:

    [image: malware infection heat map, EMEA]

    So, there are different countries which are red (highly infected) and green (not very infected). Now, obviously we do not have the same amount of data for all the countries. If we take the countries with more than 100’000 average executions per month of the Malicious Software Removal Tool, we see this ranking for the best and the worst countries worldwide (the bold countries have an execution rate of more than a million average executions per month):

    [image: Malware Infection Rate ranking]

    Let’s take the EMEA countries in this list and see how they developed over the last three reports. The best countries first:

    [image: infection rate trend, best EMEA countries]

    It is actually good to see that, with the exception of Senegal, all the EMEA countries in the top list could reduce their infection rate. Often this is based on good collaboration between the public and the private sector.

    But what about the other end of the ranking? Let’s see:

    [image: infection rate trend, worst EMEA countries]

    Here the picture is not as clear. Some countries like Serbia and Montenegro, Turkey etc. had a very bad 1H09 but then came back to their “normal” level. Unfortunately we cannot see a clear trend here, but there are some countries which are slowly improving (e.g. Russia). There is definitely coordinated activity needed in these countries. Turkey, for example, is working on pulling people together to address the issue.

    If we turn it around and look at it from an operating system perspective, we definitely see that newer operating systems are better than older ones (which was to be expected):

    [image: malware infection rate by operating system]

    From the malware we can turn to the vulnerabilities. For quite a while we have been talking about the problem moving up the stack, which is reflected in the chart of industry-wide vulnerabilities:

    [image: industry-wide vulnerability disclosures]

    This means as well that you definitely should cover all your applications when you think about patch management, and you have to do this for all your vendors:

    [image: vulnerabilities by vendor]

    When it comes to patching, we see fairly good coverage with Windows Update, Microsoft Update and WSUS, especially if you look at the relative growth compared to the Windows installed base:

    [image: update service usage relative to the Windows installed base]

    So, you see: there is a lot of great information in the Security Intelligence Report – go and look at it.


    Even though I did not go into the details here, Rogue Security Software is still a huge problem out there, and there is again a chapter on this theme as well!

    Finally, if I had to name three take-aways, these would be them:

    • Get a coordinated approach to fight malware between the public and private sector
    • Move to the latest version of software, wherever you can
    • Cover all the products you have with your Patch Management processes

    Roger