contributed by weld pond and abner
You've heard it before and you'll hear it again. Threats are evolving. We've seen viruses retrieve and forward passwords before on a large scale, now they are becoming targeted and fast. Threat evolution is something that cannot be dealt with reactively; it must be part of infrastructure planning and design. Today, all attention is focused on Microsoft. The world's favorite target has fallen victim to a password-stealing virus that got a hold of passwords that can access the source code to upcoming versions of Windows and Office. It is unclear whether or not the perpetrators were able to use the passwords to actually access and manipulate the source code, however if the source code was accessed two questions remain. 1. Was the code manipulated in some way that could open the door for later attacks or other problems? Microsoft claims no, the code has maintained it's integrity. Other than to trust Microsoft's word we may never know the answer. 2. Does the ability for a criminal group to view the source code destroy the security by obscurity that is key to so many commercial software products? In the open source community, numerous hackers examine products and contribute solutions to flaws in the products. In the commercial world, many companies rely on their development team to produce secure code and then keep the source code secret to not only protect their intellectual property, but also to minimize potential attacks that could be launched against the product. In this case, the loss of security by obscurity could result in a criminal having intimate knowledge of the product development cycle to be able to develop targeted attacks on future Microsoft products. Regardless of the quality of Microsoft products, the mere fact that the company was able to recognize that this incident occurred is unfortunately unique. Many corporations might never know this had happened to them. In fact the ability to isolate the incident to specific networks or machine is quite difficult in many environments. The other interesting thing going on here is the Trojan horse attack. These attacks have been discussed for several years now and the current solution has been to use content filtering software to detect the attack. If you are one of the world’s favorite targets, the Trojan horse writer will write the attack specifically at you. By the time the anti-virus companies know about the Trojan horse and are able to detect and stop it, it’s too late. Unfortunately, it has taken a high profile incident like this for awareness to spread. One solution is to seperate general purpose computing such as internet surfing and email from sensitive computing such as accessing source code or controlling IT infrastructure. This is what the military does. They run 2 networks that are physically isolated from each other. A less expensive solution is to keep all executable content from reaching workstations such as executable programs, active HTML content, or documents that contain macros. This is difficult to acheive in reality so physical seperation is the the only way to be sure you are secure. The Wall Street Journal broke this story and pretty much everybody is currently running it. Look for more information and speculation to filter out through the rest of the day.

Wall Street Journal via MSNBC
Reuters
CNNfN
CNET
Newsbytes
AP via ABC News
Reuters via Excite re: Microsoft Stock Price
Symantec’s Qaz description
F-Secure’s Qaz description via datafellows.com