FBI sees more Storm attacks; Apple Fails to Fix Major DNS Flaw

The Federal Bureau of Investigation (FBI) recently warned of an expected increase in Storm worm attacks. In other news, investigators found that Apple, Inc. had failed to make a critical DNS repair to its operating system, while Motorola, Inc. announced that it was planning to acquire Air Defense, Inc., a wireless security technology company.

Focal Points:

• Officials from the FBI have been receiving an increasing number of complaints related to a huge increase in Spam emails that contain the Storm Worm. The emails are trying to lure victims to a site by stating there is an article that talks about a controversy between FBI and Facebook. Users that click on this link then have the Storm Worm downloaded onto their system. The warning was also issued through its partner organization, the Internet Crime Complaint Center (IC3).
• Officials from Apple recently issued patches for17 known vulnerabilities in its MAC OS X. Part of the patches were supposed to fix a recently discovered bug in the Berkeley Internet Name Domain (BIND) service that opens DNS to redirection attacks. BIND was patched by the authors to randomize the way it generates ports, but for some reason, the new version of Mac OS, which was patched, does not perform this randomization, but continues to increment ports, which can be exploited. Security researchers confirmed last week that an exploit to this vulnerability has been discovered. Other bugs that were fixed by Apple's patch include a Remote Desktop Agent flaw, which had previous been exploited by a hacker.
• Officials from Motorola announced that they were going to acquire AirDefense. This is a firm that specializes in Wi-Fi security. Its products help in the security of wireless networks, as well as aiding in compliance reporting and security auditing. AirDefense was founded in 2001, and has focused its sales on governmental agencies and large enterprises. The company, based in Alpharetta, Georgia, will become a wholly-owned subsidiary of Motorola as part of its Enterprise Mobility business. Officials expect the deal to close in 2008.

Experton Group believes security managers must take immediate actions to fix the newly discovered DNS vulnerabilities. Since DNS is a core function of all companies' network services, any flaws in these services are liable to affect the functionality of all business applications. If companies have any Mac OS systems, IT managers should push Apple for a quick fix to its remaining exposure. Given that Apple is using a module from another company that is known to work, this fix should be able to be made quickly. IT executives should continuously update security policies and procedures to adapt operations to new threats, and have an education system in place that encourages employees to keep their security awareness up to date.