Wednesday, September 21, 2011

Virus-related things

Viruses are dreadful things. The digital ones destroy your data, steal your login, send spam in your name and empty your bank account. The biological ones cripple and kill you. Bad news are that a particularly dreadful virus, viz. polio, has been reported to have spread to China from Pakistan. This is a reminder that wide-spread vaccination against polio (and other diseases) is crucial to avoid the devastating impact they have on the lives of those affected.

Unfortunately, not all preventative measures always work as intended. In particular, another recent piece of bad news (of an entirely unrelated kind) is that the encryption protocols SSL and TLS (1.0) used to secure https connections are vulnerable to attack. An attacker who gets to intercept the encrypted data and who has some control over the user's browser (e.g. via a virus) can use a Cross-Site-Scripting (XSS) attack to hijack an encrypted connection and, e.g., steal from the user's online banking or PayPal account.

This attack is called BEAST. Another "beast", namely DRACO (Double-stranded RNA Activated Caspase Oligomerizer) may become for viruses (speaking of the biological sort again) what penicillin is for bacteria: researchers at MIT have developed this substance that selectively kills cells infected by viruses, curing mice infected with lethal viruses with apparently no serious side-effects seen so far. That sounds like one of those rare pieces of good news.

1 comment:

Anonymous said...

To keep up your protection against BEAST, use Firefox with the NoScript extension, which contains some fairly effective anti-XSS measures. To keep up your protection against bio-viruses, check your vaccination status with your doctor.