Skip to main content
banner image
venafi logo

Flame Malware: Beware - Some Dangerously Misguided Conclusions Can Be Reached

Flame Malware: Beware - Some Dangerously Misguided Conclusions Can Be Reached

June 9, 2012 | Jeff Hudson, Venafi CEO

In a Network World article posted yesterday, Marcus Carey, a researcher at Rapid7 is quoted as saying:

“Flame is an impressive piece of work, but it doesn't appear to pose a threat to most corporate networks because it seems to have been crafted for targeted attacks against networks in the Middle East.”

I would like to expand on and get specific about what he is quoted as saying. Parsing the statement, Carey claims that the Flame malware probably doesn’t pose a threat to corporate networks. He is probably right because every half-conscious security person is on the lookout for Flame.

The problem is that most people are looking at the malware package… the 20MB malware, and not the attack vector. The bigger issue is the door that Microsoft left open for the introduction of Flame: utilizing certificates with MD5 that has been proven vulnerable for the last 7 years. Microsoft closed their door (removed those untrusted vulnerable certificates) and have announced to the world that they fixed the problem.

Whew… everyone breathe a sigh of relief.

Big problem, that sigh of relief. The serious security vulnerability door remains wide open for 99% of all remaining organizations around the world. We know this to be a fact. MD5 is being used broadly on critical networks.

So when Microsoft says not to worry, the problem’s fixed. When well-respected researchers correctly point out that Flame itself is not a threat, most people assume that the danger is behind us. That assumption could not be more wrong and dangerous.

The attack vector is still wide open. Stay tuned.

Read the Venafi Security Alert: MD5 Vulnerability and learn more about how to identify your MD5 certificates.

Like this blog? We think you will love this.
Featured Blog

What Is IP Spoofing?

What is IP Spoofing?

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Jeff Hudson, Venafi CEO
Jeff Hudson, Venafi CEO
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more