DefCon highlights risk of secondary attacks on PCs


DefCon highlights risk of secondary attacks on PCs

Cliff Saran

The risk of secondary infections from PCs that have already been compromised will be demonstrated at this week's DefCon security conference in Las Vegas.

Secondary attacks are a growing problem for Windows users. They occur when a hacker breaks into a machine and then makes further attacks from that machine to gain access to the company's network.

This form of attack, which will be demonstrated at DefCon by Luke Jennings, a security researcher with MWR Infosecurity, is most damaging when it is perpetrated through a PC that is running with system administrator privileges, as this will often provide access to any system on the network.

Stephen Lamb, an IT security professional at Microsoft, said, "One way to minimise exposure is to avoid logging in with a system admin account unless you need to."

In Windows Vista and Windows Server 2008, the next release of Microsoft's server operating system, Lamb said Microsoft had implemented a security measure called Mandatory Integrity Control. This will allow software developers to specify the level of access an application is granted. Internet Explorer, for instance, could be run with limited privileges, Lamb said.

It is not only Windows administrators who are at risk. Noel Yuhanna, a principal analyst at Forrester Research, warned that in most organisations, database administrators who create user accounts are typically unaware of what access the business requires.

"To avoid frustrating business users, database administrators tend to grant users more privileges than they really need," he said.

A growing problem Yuhanna found was that database administrators did not have an easy way to revoke a user's temporary access privileges once access was no longer required. These "orphaned accounts" provide hackers with a powerful tool to attack networks, Yuhanna said.

Hacking threats to business >>

The hacker handbook: tips and tricks >>

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy