About the Sana Labs team


February 15, 2006

Freedom to Tinker and Sony DRM

The giant brains over at Freedom to Tinker (http://www.freedom-to-tinker.com) have released their opus on the Sony DRM technology. Their thorough and thoughtful analysis should be required reading for anyone in the security industry.

http://itpolicy.princeton.edu/pub/sonydrm-ext.pdf

Posted by Jeremy at 09:51 AM | Comments (0)

The new face of phishing

One of the basic aspects of security is trust. Trust is a difficult thing to quantify, to assign, and to validate. This has not stopped the Internet from being built relying on trusted authorities to tell us, the great unwashed masses, who is a scammer and who is for real.

So on that note, some phishers have taken a step forward in sophistication. According to several articles (one of which is here: http://www.boingboing.net/2006/02/14/phishers_trick_inter.html ), a phishing site was erected that not only looked like the legitimate bank, but also had an SSL certificate issued by GeoTrust, and assurance from ChoicePoint that they were the genuine article.

What do we do if even jaded security professionals can get duped, and the mechanisms that are in place to assure individuals about who we should trust and who we should shun are compromised?

I do think that incidents such as this will raise awareness in the trusted authority community that scammers are now actively targeting them. While I love that SSL certificates are nowhere near the price they were five years ago, I do believe that improvements in fraud detection from the cert authorities will enter an arms race similar to that of the malware/anti-malware dynamic.

Posted by Jeremy at 09:31 AM | Comments (0)

February 04, 2006

Zero day for you?

The term zero-day is pretty common, and is used to mean an attack that is happening before anyone in the security community knows about it. It is commonly used to talk about worms and viruses, with the meaning that a zero-day worm has no "signature".

With the recent Nyxem worm, Sana's SafeConnect detected it without signatures. By the time we had analyzed it, only one other anti-virus company had a signature for the sample that we had. Within the next 4 days, the other 22-odd anti-virus products that we test against duly added signatures for the worm.

The customers of the last product to get a signature would then have had a "zero-day" attack possibly proceeding for 4 days!

Posted by matt at 03:07 PM | Comments (0)