Bit9 Hacked, Stolen Certs Used To Sign Malware

tsu doh nimh writes "Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered a compromise that cuts to the core of its business: helping clients distinguish known 'safe' files from computer viruses and other malicious software. A leading provider of 'application whitelisting' services, Bit9's security technology turns the traditional approach to fighting malware on its head. Antivirus software, for example, seeks to identify and quarantine files that are known bad or strongly suspected of being malicious. In contrast, Bit9 specializes in helping companies develop custom lists of software that they want to allow employees to run, and to treat all other applications as potentially unknown and dangerous. But in a blog post today, the company disclosed that attackers broke into its network and managed to steal the digital keys that Bit9 uses to distinguish good from bad applications. The attackers then sent signed malware to at least three of Bit9's customers, although Bit9 isn't saying which customers were affected or to what extent. The kicker? The firm said it failed to detect the intrusion in part because the servers used to store its keys were not running Bit9's own software."

  • by TheRealMindChild ( 743925 ) on Friday February 08, 2013 @06:49PM (#42838365)
    Revoke the keys, issue new ones, and contact all of your clients on how to update. Check and mate.
  • Just stupid (Score:3, Informative)

    by Anonymous Coward on Friday February 08, 2013 @07:13PM (#42838677)

    Why was this system connected to the internet either directly through the main lan or an unsecured vlan?

    We have basic white papers and common sense security plans to stop this kind of thing.

  • Re:Serves them right (Score:5, Informative)

    by Anonymous Coward on Friday February 08, 2013 @07:40PM (#42838975)

    I hate fuckers who make software designed to prevent computer users from using their computer. This applies whether the software claims to be white-hat anti-malware stuff or outright admits it's a tool-of-the-devil locked bootloader or DRM tool.

    A company has every right to lock down their own computers. Dumbass employees with Admin rights = disaster!! This software is similar to SUA + AppLocker (deny all) + whitelisted certs and it's a solid approach.

  • Re:Serves them right (Score:2, Informative)

    by Anonymous Coward on Saturday February 09, 2013 @12:41AM (#42841031)

    A company has every right to lock down their own computers.

    The right, certainly. But turning a computer into a glorified cash register running only "approved" apps is a terrible move, even when you own it. Sure, you prevent malware. You also prevent everything else.

    From the summary:
    Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms

    This has nothing to do with consumer toys or personal computers. It's to do with gov't/corp workstations. It prevents employees from accidentally installing unsigned updates and plugins. It prevents spies, defectors or hackers from stealing the "secret sauce". The integrity of the certs is crucial to its effectiveness.

    Removing rights from your own Windows acct. is not a bad idea and can be comfortable with tools like SuRun [kay-bruns.de]

    (I'm the same AC that you replied to)
