SECURITY
between developers make it more difficult for malware to achieve the reach and persistence necessary for the criminals to make good profits.
A large organisation with many subsidiaries (I cannot think of an organisation larger than the Chinese Government) will find establishing a good, consistent security level across its systems a major challenge. Seeing these important organisations with the confidence to talk openly about these issues gives me confidence that they will continue to improve their efforts.
The third surprise was introduced by Igor Muttik and Mark Kennedy. Why would a group of developers that assist malware authors to make malware more difficult to detect cooperate with an industry system to disrupt that assistance? A lot of current malware implements server-side polymorphism by using binary packers. Each time a victim downloads the malware, it is repacked, so every infection looks different. Obviously, this is a big problem for anti-virus developers, as they must develop techniques to recognise these families of samples. To make matters worse, the packers are also used in legitimate software, such as games, to protect intellectual property. This leads to many false positives – anti-virus software reporting an innocent program as infected because it shares characteristics with some malware.
It turns out that the packer developers dislike malware authors using their products. Legitimate developers are likely to abandon a packer that gets their products reported as infected, and malware authors, being criminals, often pirate the packers. This has made it possible for the IEEE Malware Working Group to develop the IEEE Software Taggant System with the cooperation of packer developers and anti-virus developers. This uses digital certificates to allow packer vendors to sell individualised licenses of their products that generate programs that are traceable to the license. When a license is found to be used for generating malware, it can be blacklisted. Malware authors will quickly find it uneconomic to use packers following the Taggant system.
The fourth surprise was less pleasant, but Igor Glücksmann cannot be blamed for reporting an unpleasant truth. Mainstream Windows software (Portable Executable (PE) files) is usually digitally signed, and this is supposed to guarantee that the file originated from a specific software publisher and that it has not been altered since it was signed. Unfortunately, the Microsoft Authenticode specification stores the signature inside the signed file, so there are parts of the file that are not protected by the signature. It is possible to append data to a PE file, or reorder the sections and include a payload, or modify the headers and include a payload within the headers, all without invalidating the digital signature. With the right changes, an arbitrary payload can be executed when the file is run, instead of the original software. The issue has been reported, and Microsoft has issued MS12-024 in response, but this is only a partial fix; the underlying flaw in the Authenticode specification remains.
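A defender can audit the parts of a signed PE file that the signature does not cover. The following is an added example, not code from the article or from Microsoft: it lists the byte ranges the Authenticode digest skips and flags unexpected bytes left after the signature blob inside the certificate table. The function names and the padding heuristic (at most 7 zero bytes) are assumptions, and the sample buffer is constructed.

```python
import struct

def unhashed_ranges(pe: bytes):
    """Byte ranges the Authenticode digest skips: CheckSum, directory entry, cert table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                               # optional header follows the COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]       # PE32 / PE32+ data directories
    entry = dirs + 4 * 8                              # index 4 = Certificate Table
    off, size = struct.unpack_from("<II", pe, entry)  # a file offset, not an RVA
    return (opt + 64, opt + 68), (entry, entry + 8), (off, off + size)

def der_total_len(buf: bytes) -> int:
    """Length of the outer DER element (tag + length octets + value)."""
    if buf[1] < 0x80:
        return 2 + buf[1]
    n = buf[1] & 0x7F
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def cert_table_slack(pe: bytes):
    """Return (file_offset, length) of suspicious bytes after each signature blob."""
    _, _, (pos, end) = unhashed_ranges(pe)
    findings = []
    while pos and pos + 8 <= min(end, len(pe)):       # pos == 0 means unsigned
        dw_len = struct.unpack_from("<I", pe, pos)[0]  # WIN_CERTIFICATE.dwLength
        if dw_len < 10 or pos + dw_len > end:
            findings.append((pos, end - pos))          # malformed entry
            break
        blob_end = pos + 8 + der_total_len(pe[pos + 8:pos + dw_len])
        slack = pe[blob_end:pos + dw_len]
        # Heuristic (assumption): alignment padding is at most 7 zero bytes.
        if blob_end > pos + dw_len or len(slack) > 7 or any(slack):
            findings.append((blob_end, len(slack)))
        pos += (dw_len + 7) & ~7                       # entries are 8-byte aligned
    return findings

def sample(slack: bytes) -> bytes:
    """Constructed test buffer: bare PE32 headers plus a fake certificate table."""
    der = b"\x30\x82\x01\x00" + bytes(256)            # stand-in for the PKCS#7 blob
    n = 8 + len(der) + len(slack)
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)           # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x98, 0x10B)          # PE32 magic
    struct.pack_into("<II", hdr, 0x118, 0x200, n)     # certificate table entry
    return bytes(hdr) + struct.pack("<IHH", n, 0x0200, 0x0002) + der + slack
```

An empty result from `cert_table_slack` means only normal alignment padding was found; it says nothing about whether the signature itself verifies.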
Information security is not a static playing field, and the speakers at the AVAR Conference show us we have to be prepared to abandon outdated preconceptions to take advantage of new opportunities and to counter emerging threats.
LEGAL NOTES
STOPPING ONLINE COPYRIGHT INFRINGEMENT
Whose copyright is it anyway? asks Rachel Burnett.
As an IT professional, you are likely to have a career in which copyright is very important; perhaps because you will be the author or creator of copyright work, or because you will be working in a business which owns or commercially deals with copyright works. Online downloading of music, films and games is a popular activity, especially by young people. But without the authorisation of the party who owns the rights to the music – or films or games – this downloading is illegal. It is copyright infringement.
COPYRIGHT
Copyright works, such as music, films, texts, graphics, photographs and software, cannot legally be copied, reproduced or distributed without the creator or other owner’s consent. ‘Copied’ includes downloading material or storing the work in any medium by electronic means, even if transient or incidental.
Copyright holders can take legal action to obtain compensation, for example based on lost sales, or to take out an injunction – such as an order to stop a person making infringing copies. If the breach of copyright is criminal, for example selling illegal copies of music, games or films commercially, the offender can be fined or imprisoned.
I am focusing on UK copyright law. The laws about copyright are created nationally, and so UK laws are different from the USA, or anywhere else. However, much policy relating to copyright is agreed through international treaties, to facilitate trade. The Berne Convention is the most widely observed international treaty relating to copyright, with over 160 signatories, including the UK. At EU level, there has been much harmonisation of copyright laws across member states.
One problem that copyright holders have is in identifying online infringers. The normal legal procedure for finding out the
Volume 22 – Issue 4 |December 2012 21