Sponsored by Adobe Hacked Again: What Does It Mean for You? © 2013 Monterey Technology Group Inc.

Adobe Hacked Again: What Does It Mean for You?


DESCRIPTION

Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise-level solution for patching.

In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach. But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all, this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers.

I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss:

* Alternatives to Adobe and Java
* Different ways to contain vulnerable apps in a sandbox
* Using advanced memory protection technologies to detect and stop buffer overflows and other memory-based attacks

Patching and AV only help you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning.

That’s why Lumension is sponsoring this event. I think you’ll be interested in seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day.

This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.



Page 2: Adobe Hacked Again: What Does It Mean for You?

Thanks to

www.Lumension.com

Paul Zimski

Page 3: Adobe Hacked Again: What Does It Mean for You?

Preview of key points

What we know

The risks

What we can do about it

Page 4: Adobe Hacked Again: What Does It Mean for You?

What we know

• Privacy
  » Credit card data
  » Passwords
• Adobe sites and cloud services
  » Adobe ID
  » Revel
  » Creative Cloud
• 38 million customers/users affected
• Gobs and gobs of source code
  » ColdFusion
  » Adobe Reader
  » Acrobat
  » Photoshop

Page 5: Adobe Hacked Again: What Does It Mean for You?

Risks

• Obvious identity and privacy issues
  » Password practices
• But the source code breaches are what worry me
  » Source code integrity
    » Possible to insert arbitrary bad guy code into Adobe products that are then signed by Adobe and released to the public
    » Can you say Trojan horse?
  » More 0-day exploits
    » Instead of laboriously reverse engineering compiled Adobe code for buffer overflows, etc.
    » Analyze the actual source code

Page 6: Adobe Hacked Again: What Does It Mean for You?

What can you do about it?

You can’t fix Adobe’s problems, Oracle’s or anyone else’s

But you can reduce your exposure to them

Page 7: Adobe Hacked Again: What Does It Mean for You?

1. Replace common, vulnerable tools where possible

• Great examples
  » Adobe Acrobat
  » Adobe Reader
• There are awesome free and for-pay replacements for both products
  » Faster
  » Cheaper
  » Less irritating to use
  » Better security
    » Obscurity
    » Attack surface
    » Better coding?
• Not really replacements available for
  » Flash
  » Java
  » Adobe AIR
  » Other Adobe content creation products

Page 8: Adobe Hacked Again: What Does It Mean for You?

2. Isolate necessary vulnerable apps in a sandbox

• Different ways to do sandboxes
• Java websites
  » Deploy 2 browsers
    » One with Java, one without
  » Optional: configure Java browser to use proxy server which limits which sites you can access
  » NoScript?
• Java applications
  » Deliver via VDI
• Flash is really problematic
  » Especially in Windows 8
  » No alternative
    » Built into Chrome and IE now
    » HTML5 helping but hasn’t displaced Flash yet
  » Click to play?
  » Flash sandbox?
    » Better in some browsers than others
  » Disable via group policy
    » http://www.howtogeek.com/115833/

Page 9: Adobe Hacked Again: What Does It Mean for You?

3. Using advanced memory protection technologies

• Each version of Windows gets stronger memory protection
  » Vista
  » Windows 7
  » Windows 8
  » Windows 8.1
• Running 64-bit IE
• 3rd party memory protection
  » DLL injection
  » Reflective programming

Page 10: Adobe Hacked Again: What Does It Mean for You?

Bottom line

Patch

Replace

Isolate

Control

Protect

Page 11: Adobe Hacked Again: What Does It Mean for You?

Source Code Release Implications?

[Chart: Known Adobe Software Vulnerabilities. Series: All Adobe, Acrobat, Reader, Flash, Shockwave. X-axis: Year (2010 to 2013). Y-axis: # of NVD CVEs. Source data: nvd.nist.gov, 2010 through October 2013.]

• A single CVE may apply to more than one product (especially if from common source code)
• Acrobat and Acrobat Reader are extremely well correlated (.92-.98)
• Acrobat/Release tracking at least at 2010 levels; will a dramatic increase be seen?

NVD = National Vulnerability Database, CVE = Common Vulnerabilities and Exposures

Page 12: Adobe Hacked Again: What Does It Mean for You?

Source Code Release Implications?

• Breach included Acrobat, ColdFusion, ColdFusion Builder & Photoshop
• Weak correlation between Acrobat and Flash (.00-.07), with none in later years
• No other cross-product correlations noted, e.g. ColdFusion & Shockwave CVEs were unrelated

[Chart: Known Adobe Software Vulnerabilities. Series: ColdFusion, Photoshop, Illustrator. X-axis: Year (2010 to 2013). Y-axis: # of NVD CVEs. Source data: nvd.nist.gov, 2010 through October 2013.]

Page 13: Adobe Hacked Again: What Does It Mean for You?

Source Code Release Implications?

• The source code is a “key to the castle” for finding flaws in existing memory management / bounds checking, leading to 0-day exploit creation
• Techniques to detect and block such exploits and subsequent payloads are vital
• Layered defense to monitor and report good as well as suspicious activity
• Security future: correlation of disparate “big data” to “know the unknown”

[Chart: Percentage of Adobe Vulnerabilities Allowing “Arbitrary Code Execution”. Series: Allows Arbitrary Code Execution. X-axis: Year (2010 to 2013). Y-axis: Percentage of CVEs. Data labels as extracted: 65%, 80%, 87%, 87%. Source data: nvd.nist.gov, 2010 through October 2013.]

Page 14: Adobe Hacked Again: What Does It Mean for You?

Defense-in-Depth with Lumension

[Diagram labels: Physical Access; Port / Device Control and Encryption; Full Disk Encryption; Firewall Management; Patch and Configuration Management; Anti-Malware; Network Access]

Page 15: Adobe Hacked Again: What Does It Mean for You?

Sponsored by

• Free Security Scanner Tools
  » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
  » Application Scanner – discover all the apps being used in your network
  » Device Scanner – discover all the devices being used in your network
  http://www.lumension.com/Resources/Security-Tools.aspx

• Lumension® Endpoint Management and Security Suite
  » Online Demo Video: http://www.lumension.com/Resources/Demo-Center/Vulnerability-Management.aspx
  » Free Trial (virtual or download): http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

• Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2