Network ICE de-robes latest cloaking hack

Network ICE, a leading provider of consumer and corporate intrusion detection systems, has warned users to be wary of a cloaking technique, known as polymorphic coding, designed to disguise buffer overflow code. The camouflage code was revealed at the recent CanSecWest conference in Vancouver, British Columbia by a hacker going by the alias ‘K2’.

This cloaking technique allows intruders to evade network-based intrusion detection system (IDS’s). This is an important development because it means while IDSs may detect the common ‘script kiddies’, they are useless against the serious, expert hacker.

“K2’s claims that his code will ‘blow away’ any pattern matching technique has other vendors scrambling to come up with ways to combat his polymorphic code. However, this technique was discovered by Network ICE three years ago, and we described the basic outline at last year’s DefCon conference in Las Vegas, Nevada,” said Arlene Brown, MD EMEA, Network ICE. “Our Network-IDS technology was written from the ground up to be immune to polymorphic coding

Network ICE customers who have kept their IDS software up-to-date are automatically protected against polymorphic coding techniques such as K2’s.