Detecting source code modification attacks
Security Lessons: Modified Code Attacks
Learn how to protect yourself against malicious attacks by modified source code.
Normally, when I think about intrusion detection, my thoughts go straight to solutions for things like network- and hostbased intrusion detection – in other words, the usual suspects (Snort, OSSEC, Prelude, event logging and analysis, etc.) [1] – but an often overlooked area of intrusion detection is source code modification attacks.
In the past few months, several highprofile source code modification attacks have taken place. Fortunately, two of the largest were quickly detected and dealt with, but only because pre-existing systems and processes were in place that could detect the attack and allow it to be handled.
Read full article as PDF:
058-059_kurt.pdf (940.41 kB)Tag Cloud
News
-
SCO Rises from the Swamp
Longtime litigator revives an ancient suit against IBM alleging Linux infringes on Unix copyrights.
-
UberStudent Project Releases UberStudent 3.0
Specialty distro keeps the focus on advanced learning.
-
openSUSE Conference Approaches
The openSUSE Conference will be held July 18-22, 2013, at the Olympic Museum in Thessaloniki, Greece.
-
Drupal.org Hacked
Security breached at home sites of the CMS project.
-
Oracle Takes Action on Java Security
Lead Java developer vows policy changes and more attention to fixing problems.
-
Google and NASA Partner in Quantum Computing Project
Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
-
Mageia Project Announces Mageia 3 Linux
Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
-
FSF Outs the World Wide Web Consortium over DRM Proposal
Richard Stallman calls for the W3C to remain independent of vendor interests.
-
Debian 7.0 Debuts
The new release supports nine architectures, 73 human languages, and zero non-Free components.
-
Alpha Version of Fedora 19 Released
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.