IKE protocol flaw affects Cisco gear
According to Cisco Systems Inc., a newly discovered flaw in the
Internet Key Exchange (IKE) version 1 protocol could expose certain
Cisco products to attack.
The San Jose, Calif.-based networking giant has confirmed the
validity of a post to the Full Disclosure mailing list in which a
UK-based researcher said an issue with the protocol could leave
Cisco's VPN 3000 Series Concentrators susceptible to a denial of
service.
The researcher, Roy Hills of UK-based security analysis firm NTA
Monitor Ltd., discovered the IKE flaw while performing a VPN
security test for a customer in July 2005.
"The vulnerability allows an attacker to exhaust the IKE
resources on a VPN concentrator by sending a high rate of IKE
requests, which will prevent valid clients from connecting or
re-keying," wrote Hills. "The attack does not require a high
bandwidth, so one attacker could potentially target many
concentrators."
Hills said it is similar to the well-known TCP SYN flood attack,
when TCP connection requests are sent faster than the receiving
device can process them.
In a follow-up post, Dario Ciccarone of Cisco's Product Security
Incident Response Team (PSIRT) confirmed the problem, noting that
it affects not only the 3000 Series Concentrators but also Cisco's
PIX firewall and its IOS software.
"This vulnerability is not related to a specific vendor
implementation, but to underlying issues in the IKE protocol, and
may affect any device which implements IKE version 1," Ciccarone
said.
Ciccarone said those using IOS can mitigate the problem by
implementing the Call Admission Control for IKE feature. However,
he added, "There are no workarounds to mitigate this vulnerability
for other affected devices."
In a post on its Web site, the SANS Internet Storm Center
recommends that organizations check with their vendors for other
systems that may use IKE version 1.
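The resource-exhaustion pattern Hills describes (many IKE Phase 1 negotiations opened, none completed, much like a SYN flood) is something a defender can spot in responder logs. The following is an added example, not code from the article, from Cisco or from NTA Monitor: it runs a sliding-window half-open counter over constructed, syslog-style lines whose format (the "ISAKMP: initiation from" / "SA established with" wording) is assumed for illustration.

```python
"""Flag sources that open far more IKEv1 negotiations than they complete."""
from collections import defaultdict
from datetime import datetime
import re

# Assumed log format (constructed for this example, not a real device's syslog).
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ISAKMP: (?P<kind>initiation from|SA established with) "
    r"(?P<src>[\d.]+)$")

# Constructed sample: a legitimate client connects and later re-keys normally.
LEGIT = """\
2006-08-03 10:00:01 ISAKMP: initiation from 198.51.100.7
2006-08-03 10:00:02 ISAKMP: SA established with 198.51.100.7
2006-08-03 10:30:00 ISAKMP: initiation from 198.51.100.7
2006-08-03 10:30:01 ISAKMP: SA established with 198.51.100.7
"""
# Constructed flood: one source opens 30 negotiations in 15 s and completes none.
FLOOD = "".join(f"2006-08-03 10:29:{30 + i // 2:02d} ISAKMP: initiation from 203.0.113.5\n"
                for i in range(30))
SAMPLE_LOG = LEGIT + FLOOD

def parse_events(text):
    """Yield (timestamp, kind, source) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            kind = "init" if m["kind"].startswith("initiation") else "established"
            yield ts, kind, m["src"]

def find_floods(text, window_s=60, max_half_open=10):
    """Return {source: peak half-open count} for every source whose initiations
    minus completed SAs, inside any sliding window of window_s seconds, exceed
    max_half_open.  Normal clients hover near zero; a flood climbs steadily."""
    recent = defaultdict(list)          # src -> [(ts, kind)] inside the window
    flagged = {}
    for ts, kind, src in sorted(parse_events(text)):
        q = recent[src]
        q.append((ts, kind))
        while (ts - q[0][0]).total_seconds() > window_s:   # expire old events
            q.pop(0)
        half_open = sum(k == "init" for _, k in q) - sum(k == "established" for _, k in q)
        if half_open > max_half_open:
            flagged[src] = max(half_open, flagged.get(src, 0))
    return flagged

if __name__ == "__main__":
    print(find_floods(SAMPLE_LOG))      # {'203.0.113.5': 30}
```

The thresholds are tuning knobs: a site with many short-lived remote-access clients will want a larger window and limit than a site-to-site gateway with a handful of peers.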
Internet Explorer 7 to arrive as 'high priority' update
Due to security concerns in its current browser, Microsoft said
Wednesday that it will release its next-generation Internet
Explorer 7 browser as an update to Windows XP and Windows 2003
customers.
In a posting on its Web site yesterday, the software giant said
customers would receive the final version of the new Web browser,
planned for release in the fourth quarter of 2006, as a
high-priority update via Microsoft Automatic Updates.
Gary Schare, Microsoft's director of IE product management, told
CNET News.com that the move, considered bold by some, is justified
by the significant security enhancements in IE 7. Many have long
considered IE6 unsuitable and in need of replacement because of the
countless security flaws to which it has been vulnerable in the
past several years.
However, for those organizations that want to block the
automatic update of IE7, Microsoft on Wednesday issued a
non-expiring Blocker Toolkit that will prevent such a download in
environments not running Windows Server Update Services or Systems
Management Server 2003. Microsoft said the tool will not prevent
users from manually installing Internet Explorer 7 as a recommended
update from the Windows Update or Microsoft Update sites, from the
Microsoft Download Center or from external media.
The tool is only available to enterprises that have had their
machines validated via Microsoft's controversial Windows Genuine
Advantage program.
MessageLabs sees slight drop in spam, gain in targeted attacks
In its most recent intelligence report, New York-based messaging
security firm MessageLabs Ltd. claims that while spam declined
slightly in recent weeks, targeted attacks are on the rise.
According to the results of its July 2006 research, the global
ratio of spam decreased 2.1% to 62.7%. Sorted by nation, Israel's
ratio was highest at 77.3% of all messages while India's ratio was
lowest at 23.1%.
However, MessageLabs said new scams abusing mobile text
messaging and online social networking services have increased,
along with social engineering and targeted profiling of networking
sites like MySpace.com.
Other highlights include:
- The rate of viruses per email message has remained steady, with
the highest rate at 1 in 11.1 and Belgium the lowest at 1 in
149.2.
- The mineral/fuel vertical had the greatest increase in spam
this month with a jump of nearly 10%. Regionally, Spain had the
greatest spam increase from last month with a 21.1% jump.
- The business support services sector had the greatest virus
rate with 1 in 12 emails containing a virus.
Ironically, just hours before the data was released, San
Francisco-based messaging analysis firm Ferris Research issued a
bulletin asserting that MessageLabs has enlisted investment bank
UBS Corp. in an attempt to find another company willing to buy
it.
President and Senior Analyst David Ferris wrote that not only is
there "plenty of interest" in acquiring malware firms, noting
recent purchases of CipherTrust and FrontBridge, but MessageLabs
also could benefit from a merger "to better facilitate the
generation of wealth."
"All in all," Ferris wrote, "it's probably a good time for
MessageLabs stockholders to sell."