No Silver Bullet for Use-After-Free Flaws [VIDEO]
There is no shortage of threats on the modern Internet and no shortage of vendors aiming to provide security solutions. One vendor, Bromium, employs a virtualization micro-visor to provide isolation and security. Bromium also actively researches security threats in a bid to make sure its own platform and the Internet at large are secure.
In a video interview with eSecurity Planet, Rahul Kashyap, chief security architect and head of Research at Bromium, explains that his firm sees the greatest threat coming from end-users rather than the network, since the end-user is often where infection and exploitation begin.
One of the most prevalent forms of software flaws today is what is known as a use-after-free memory error. With use-after-free, a program keeps using memory after it has been freed, and an attacker is able to use that previously allocated memory space to launch an exploit.
Kashyap said there is no silver bullet for use-after-free flaws, not even from Bromium's technology. Bromium's basic premise isn't about preventing use-after-free flaws but rather about limiting the risk profile from any exploit. Bromium isolates the user and the system, preventing a potential use-after-free exploit from infecting an entire system.
Malvertising Threat Grows
Among the key trends that Bromium has been tracking is the rise of malware embedded in online advertisements, a trend known as malvertising.
"We found malware on YouTube," Kashyap said. "So you just watch a YouTube video and you get infected."
"I fear that people are not doing enough to secure advertising networks reliably," Kashyap said.
Watch the full video interview with Rahul Kashyap below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.