Nclose is proud to announce that we have been awarded Websense Gold Partner status. Websense Gold Partner status demonstrates a companies ability to succesfully plan and implement Websense solutions by maintaining technical and sales oriented certifications. For more information on the Websense solutions available please contact us to setup a demonstration.

The Cape Town Information Security Group held a meeting on Tuesday afternoon with two speakers. First, Randolph Osterrroht from One Digital Media introduced and played a video on "No Tech Hacking". Secondly, Martin Potgieter from Nclose did a talk on web application security. The slides for the web application security talk can be downloaded here. Both talks brought upon some interesting discussion. For further information on the Information Security Group have a look at their website.

A massive attack on web applications has been making news headlines for the past week. Security professionals have known about the infections since the beginning of the year, but until recently have been unsure what vulnerability was being exploited. Microsoft have confirmed that the attack is not exploiting a recently announced IIS vulnerability, but is instead using Google to find IIS websites that accept user input and attempting to exploit them.
The interesting thing is this is a completely automated way to attack web applications. We can expect this to be a serious problem that is going to linger for some time, mainly because it will take months if not years to audit all the different affected web applications, and there are sure to be more vulnerable web applications launched on a daily basis. It is estimated that 500,000 websites have been infected, many of them well know "trusted" sites.

The latest of several reports in the past couple of months confirms the suggestions that rogue DNS servers are gaining popularity with regards to phishing and malware attacks. This also made news a few weeks ago when a Mexican bank was being targeted using a new technique termed "Drive by Pharming" where by ADSL routers where being reconfigured by malware to use rogue DNS servers.


We at Nclose see this becoming a serious problem purely because of the fact that the detection of these types of attacks can be very difficult. This is because no malware code needs to exist on a machine in order for it to be affected by a rouge DNS server. A simple DNS configuration change can cause an otherwise "un-infected" computers to be redirected to malware sites. This will render anti-virus technology useless unless anti-virus technology changes to identify these types of attacks.


Many of the protocols that are in use on the Internet today , like DNS and SMTP, were developed many years ago and security considerations where not part of the design criteria. Malware writers seem to be taking advantage of these deficiencies at any opportunity, and the migration to secure versions of these basic Internet protocols is still many years away.

There are many different perspectives on security issues. Darkreading.com has a write up on Peter Tippett's opinions. He has an interesting and some may say controversial outlook on the IT security industry.
He claims that many security experts are focusing on the wrong risks and should not be so concerned with patching vulnerabilities or ensuring users use long passwords because the odds of being affected by these types of risks are extremely low.