
Papers


  X-Force Magazine
In 2006, while Director of X-Force at Internet Security Systems, Gunter initiated a monthly magazine designed to educate readers about the current threat landscape.  Originally envisaged as primarily an internal resource for the Sales teams, it was quickly modified for customer consumption.

Listed below are the articles he wrote - saved here on this Web site for posterity (and education).

Putting the r00t in Rootkit - The last quarter of 2005 was an interesting period for malcode. We saw the first Web-only worms propagate through popular forums and portals using cross-site scripting; we saw a zero-day vulnerability in Internet Explorer that was quickly adapted to install spyware and backdoors on vulnerable hosts browsing hundreds of porn and warez sites...
"Own-the-Internet" for Fame and Profit - Keeping an eye on the latest security advisories is core to staying ahead in the world of security consulting, but advisories offer more than that. Security advisories largely drive the security vulnerability industry, reminding clients of threats and reinforcing the need to maintain constant vigilance.
Worms that Fail to Turn - A couple of times each year we see Microsoft release fixes for a vulnerability that sends system administrators, security researchers, blackhats and worm writers scrambling.  This year's first was MS06-040, or more specifically, the August buffer overflow in the Microsoft Windows Server Service.
Platform Popularity - Security in Obscurity? - For several years there has been mudslinging between the various proponents of the Microsoft Windows and Linux operating systems pertaining to the security of their favorite operating system.  Many professionals have joined the fray, but the final verdict for most users has been a confused draw.  In the end, the security...
Obfuscating Scripts - In recent years there has been a marked shift in the number of attacks that have centered upon compromise of the desktop through web browser vulnerabilities.  The attacks typically rely upon the user navigating to a website or, more often, a specially constructed web page which has been designed to exploit a vulnerability within the web...
Breaking up the Attack - For several years now, some of the more advanced commercial penetration testing tools have made use of packet fragmentation techniques to obfuscate vulnerability checks or exploit attempts in an attempt to bypass legacy firewall and intrusion detection systems.  In most cases, depending upon the actual security device defending...
Scaling an Attack - When I meet with an organization's CSO or Head of Security and we talk about the latest threats or the motivations behind a high profile security incident, they are often surprised at the scale of some of the targeted attacks now underway. They are all used to the endless rain of unsolicited and unwanted Spam messages which constitute 80-90% of all...
The Common Vulnerability Scoring System (CVSS) - Over the years I’ve seen, and used, a diverse range of methods to evaluate and explain the risks associated with a particular security threat or vulnerability.  Depending upon the audience and the nature of the environment being evaluated there has always been – and always will be – a frequent need to reclassify the...
The Worm that Turned - As expected, the first major vulnerability this year within a Microsoft operating system (2006) - exploitable through a default network-accessible service - had the exploit writers pulling out all stops to be the first on the block with exploit code.  Within days the virus and worm writers had a half dozen code exploit examples for the Plug and Play vulnerability and were updating their creation kits with them.
Wireless Security - As the number of wireless access points dotted along the high-street and within airport terminals around the world continues to grow and propagate a “connect-anywhere-anytime” philosophy, similar to that of the mobile phone phenomenon in the early ’90s, organizations are struggling to understand the latest security implications for their mobile...
Embedded Operating Systems - Each week, as we sit and watch the news, we hear about the latest security vulnerability or worm that places our computer at risk. The story has been repeating itself for over a decade — with only the names changing on a weekly basis. Worms such as Slammer or vulnerabilities like Microsoft’s RPC DCOM have been consigned to...
Happy Birthday Phishers - 2006 marks the 10th anniversary of the first public acknowledgement of a Phishing attack.  Way back in 1996 the objective of a Phisher was to obtain AOL authentication credentials and higher download quotas, but it wasn’t until March 1997 that the term “phishing” was publicly coined in a popular computing magazine.  A lot of things have...
RFID: Security Threat? - Media interest in Radio Frequency Identification (RFID) has increased substantially in recent months, and you may have been quizzed about the security implications of the technology. RFID technology is based on attaching a chip with a small antenna (referred to as an RFID Tag) to an object that will emit a unique signal response (the identifier) when...
Mac OSX vs. Microsoft XP - First Published: X-Force Monthly Magazine. Not less than two years ago, Microsoft found itself fully engaged in combating accusations that Windows was less secure than Linux. After several detailed analytical studies relating to vulnerabilities, out-of-the-box configurations, default services and security patch responses, the end verdict for most...
From Botnet to Malnet - Throughout 2006 X-Force observed an exponential increase in attackers seeking to compromise a victim’s desktop through vulnerabilities in Web browsers or Spam-based payloads. Most commonly the attackers sought to install malware armed with ‘best-of-breed’ rootkit functionality, command-and-control channels, auto-updating and ...
Free Access Equals More Vulnerabilities - A common question I’m asked by clients and at various security conferences is why some software vendors have more vulnerabilities than others – in particular, why the software developed by the biggest vendors continually appears to be vulnerable to the latest attacks, while the small niche vendors seem to be immune.
 
     
    Copyright 2001-2007 © Gunter Ollmann