In his latest blog post, Bruce Schneier points out a particularly interesting note in the Harvard Law Review, which argues that there is a significant benefit from Internet attacks:
This Note argues that computer networks, particularly the Internet, can be thought of as having immune systems that are strengthened by certain attacks. Exploitation of security holes prompts users and vendors to close those holes, vendors to emphasize security in system development, and users to adopt improved security practices. This constant strengthening of security reduces the likelihood of a catastrophic attack — one that would threaten national or even global security. In essence, certain cybercrime can create more benefits than costs, and cybercrime policy should take this concept into account.
I’d have to agree, to some extent. Not only does it keep people and organizations on their toes, but it also forces the vendors to constantly update their products and evolve to address new concerns. What are your thoughts?
The ZERT team came to light recently due to their public, unofficial patch for the IE Buffer Overflow in VML (vgx.dll) vulnerability (CVE-2006-4868).
They also received coverage today from eWEEK. That article can be found here: http://www.eweek.com/article2/0,1895,2019162,00.asp
From the ZERT Manifesto:
ZERT is a group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups. While ZERT works with several Internet security operations and has liaisons to anti-virus and network operations communities, ZERT is not affiliated with a particular vendor.
ZERT members work together as a team to release a non-vendor patch when a so-called “0day” (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both. The purpose of ZERT is not to “crack” products, but rather to “uncrack” them by averting security vulnerabilities in them before they can be widely exploited.
It is always a good idea to wait for a vendor-supplied patch and apply it as soon as possible, but there will be times when an ad-hoc group such as ours can release a working patch before a vendor can release their solution.
I look forward to seeing more releases and possibly whitepapers on their findings, but only time will tell if ZERT can go the distance as an organized incident response team.
There is an article in today’s Toronto Star detailing Research In Motion’s (RIM) plan to release “a wireless device that aims to thwart thieves and ease the minds of those who are prone to misplacing their handheld units.”
From the article:
Details of the new device, which has not been announced by the company, are included in a recent patent application. The new device would be carried in a holster armed with a wireless transceiver. The handheld unit could be switched to a pickpocket mode so that once it’s removed from the holster, a wireless alert message would be sent to the user.
Unless a user authentication code is input in a predetermined length of time, the device’s data would be rendered unusable, according to the application, which was filed with the Canadian Intellectual Property Office.
I think this is a good step towards wireless security and has been needed for quite some time. My only concern is careless users who set off false alarms by not properly seating the phone in the holster. Only time will tell.