It's been 50 days since the UNAM-CERT first warned about the 2wire authentication vulnerability we found through an 0-day exploit.
Many people and security-related companies have claimed that "that was old news" referring to the "cross site request forgery (XSRF)" vulnerability reported by a mexican hacker group back in August 2007, BUT our security note announced a brand-new-authentication-vulnerability that put in high risk more than 1 million users (at least) in Mexico.
Back in December 2007 we got in touch with 2wire and Telmex before releasing the security note, we were the first team to discover and to report the issue while some companies were buying their gifts for christmas day and cooking the turkey.
For those companies, the issue remained unnoticed for some weeks (even when we made public the vulnerability and when some blogs had been discussing the topic for a while). But two weeks ago a company (one of those cooking the turkey for the christmas back in 2007, TrendMicro) made a statement about the issue, 1 month after our security note was released (just in time) . It's funny TrendMicro is warning about a "massive attack to hit the mexican users" when this issue has been exploited for a long time.
It seems that TrendMicro Labs are only able to "predict attacks" when they have enough newspapers to "read the future".
Then appeared Symantec, some days ago, with the article "first case of drive-by-pharming in the wild", based on the Trendmicro statement (I guess).
But aside the flames, the important thing here is: antivirus and security-related companies based in the USA or other countries doesn't put enough efforts to detect the current threats in LatinAmerica or at least not in Mexico. And that's odd, because they sell a lot of licenses here, I think they should start working instead of warning of "(already) upcoming threats".
Shame on them!
Sunday, January 27, 2008
Subscribe to:
Posts (Atom)