Security Flurry - InformationWeek


Security Flurry

On any given week, there's a tug-of-war among the new threats and vulnerabilities spilling out, and the programmers and cops trying to contain them. Last week's struggle had some particularly engaging efforts. On the downside, two big vulnerabilities were found in the Firefox browser, and the Sober.p worm was found to be evading many antivirus scanners. On the upside, Novell took steps to tighten up its Linux operating system, Microsoft unveiled a service for ad hoc security guidance, and Swedis

A Layer Of Security For Linux
In a move to improve the security of applications running in Linux environments, Novell last week said it has acquired Immunix Inc. and its AppArmor software. Financial terms weren't disclosed.

AppArmor is used to prevent applications operating in the Linux environment from being co-opted by viruses, worms, and other malware into doing things they shouldn't. Using application-containment technology, AppArmor keeps applications from "masquerading," or using ill-gotten permissions to do malicious things, says Ed Anderson, VP of product marketing for Novell's platform group.

It offers a layer of protection if Novell's access controls and password protections built into the operating system are compromised. Novell is making AppArmor available with SuSE Enterprise Linux 9 and subsequent versions of the operating system.

The company's YAST (Yet Another Setup Tool) management software is used to install and configure AppArmor and define what an app is and isn't allowed to do.

Novell decided to acquire Immunix rather than partner with the company for its technology. "A lot of customers are wary about working with smaller companies that don't have the breadth of support," Anderson says. Novell wants to make AppArmor more mainstream by folding it into the company's suite of Linux offerings.

Immunix engineers were instrumental in developing the open-source Linux Security Modules project, a general-purpose framework for access control, Anderson says, and will continue to conduct Linux security research as Novell employees from their lab near Portland, Ore.

-- Larry Greenemeier

Microsoft Adds To Warnings
Microsoft unveiled a security advisory service to plug the gap between public disclosure of a vulnerability and the availability of a patch.

Dubbed Microsoft Security Advisories, the service is a pilot program begun in response to customer requests, says Stephen Toulouse, program manager at the Microsoft Security Research Center. "When we got down to it, in the absence of a bulletin, customers wanted us to provide authoritative guidance on security-related topics," Toulouse says.

Microsoft's security advisories--the first two of which were issued last week--will offer early workarounds for vulnerabilities before a patch is ready. "If there was a public vulnerability posted, the advisories could be used to provide guidance on workarounds," Toulouse says.

The advisories, which in some cases will morph into actual bulletins, will follow the general format of the existing security bulletins, because feedback for the latter has been positive and users are familiar with the layout. But the advisories won't come with the severity rankings used for bulletins, which are accompanied by a four-step rating that tops out at "critical."

In some cases, Toulouse says, Microsoft will use the advisories to debunk hoaxes about phony vulnerabilities or to document updates on earlier vulnerabilities that have been patched but are being exploited in new ways.

John Pescatore, VP at market research firm Gartner, says the new service is a good thing. "The more security advice on how to make Windows protected, the better."

-- Gregg Keizer, TechWeb News

Suspected Cisco Thief Nabbed
Police in Sweden have arrested a suspect in connection with the theft of Cisco Systems networking equipment source code last year, the company confirmed last week.

A spokesman for the FBI says the case is ongoing and declined to offer details.

The stolen code was a portion of Cisco's Internetworking Operating System version 12.3. The incident has been a matter of concern because malicious hackers might find flaws in the code that could be exploited to impair Cisco's routers, which handle a significant portion of traffic on the Internet. At the time of the incident, however, Cisco said that the availability of its code didn't pose an increased security risk.

While recently Cisco has been promoting what it calls the Self-Defending Network, its defender in this case has been the network of national and international law-enforcement agencies. "We have worked hard to develop strong partnerships within the international law-enforcement community," an FBI statement said. "In this case, we have been working closely with our international partners to include Sweden, Great Britain, and others. As a result of recent actions, the criminal activity appears to have stopped."

-- Thomas Claburn
