No Silver Bullet for Use-After-Free Flaws [VIDEO]


There is no shortage of threats on the modern Internet and no shortage of vendors aiming to provide security solutions. One vendor, Bromium, employs a virtualization micro-visor to provide isolation and security. Bromium also actively researches security threats in a bid to make sure its own platform and the Internet at large are secure.

In a video interview with eSecurity Planet, Rahul Kashyap, chief security architect and head of Research at Bromium, explains his firm sees the greatest threat coming from end-users rather than the network, since the end-user is often where infection and exploitation begin.

One of the most prevalent forms of software flaws today is what is known as a use-after-free memory error. With use-after-free, an attacker is able to use previously allocated memory space that has since been freed to launch an exploit.

Kashyap said there is no silver bullet for use-after-free flaws, not even from Bromium's technology. Bromium's basic premise isn't about preventing use-after-free flaws but rather about limiting the risk profile from any exploit. Bromium isolates the user and the system, preventing a potential use-after-free exploit from infecting an entire system.

Malvertising Threat Grows

Among the key trends that Bromium has been tracking is the rise of malware embedded in online advertisements, known as malvertising.

"We found malware on YouTube," Kashyap said. "So you just watch a YouTube video and you get infected."

Noting that Bromium is set to publish a complete report on malvertising later this month, Kashyap said that hackers launching random malvertising attacks now impact a large part of the Internet population. Simply blocking JavaScript in advertising isn't an effective solution either.

"I fear that people are not doing enough to secure advertising networks reliably," Kashyap said.

Watch the full video interview with Rahul Kashyap below:

Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.
