Friday, June 30, 2006
Moreover, Prolexic's Zombie report for Q1-Q2 2005 provides even more detailed info, and a neat visualization of the routes involved in DDoS attacks, where blue represents the U.S. and red China. For the time being, the ShadowServer guys keep on enthusiastically dealing with the problem, for no profit at all.
"The Douglas County Sheriff's Office says it's going to start warning computer users that their networks may be vulnerable to hackers. The Sheriff's Department plans to equip several of its community service and patrol cars with devices that detect unprotected computer networks. In cases where investigators can figure out who owns the networks, they'll try to warn of potential security issues. They'll also drop off brochures with instructions to computer users on how to password protect their networks."
Back in 2004, Kelly Martin wrote a very pragmatic article on Catching a virus writer, emphasizing how "with the consumer WiFi explosion, launching a virus into the wild has never been easier and more anonymous than it is today." Moreover, Kaspersky Lab recently assessed the situation in England, and you can easily see the need for basic awareness there.
I don't feel it's a good idea, mainly because it generates more noise for the end user to sort through. They'd rather assess and position on a map the regions with the most vulnerable networks and figure out cost-effective ways of spreading awareness in these regions, instead of taking on the role of an ethical wardriver. On the other hand, if they start taking care of wireless, would they start taking Bluetooth into consideration as well? There are just too many ethical wardrivers to deal with and deceive these days, and creative end users tend to multiply themselves or, of course, use common sense protection.
WarDriving Awareness brochure courtesy of Tom Hayward. Recommended reading - "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics".
Thursday, June 29, 2006
"South Korea is bright, North Korea is dark. This amazing image is included in the standard US Department of Defense briefings on North Korea. It was mentioned in a news briefing on 23 December 2002 by Defense Secretary Rumsfeld, who stated that "If you look at a picture from the sky of the Korean Peninsula at night, South Korea is filled with lights and energy and vitality and a booming economy; North Korea is dark." There are a number of versions of this image in circulation, with visible differences that vary according to the conditions at the time the imagery was acquired."
Rich Karlgaard's comment on lifting North Korea sanctions, and Quentin Hardy's argument that "Capitalism has corrupted other authoritarian regimes, why not North Korea?" are worth taking into consideration.
Today's opinion on cyberterrorism is rather biased: it always has to do primarily with destruction as the core of the problem. Active research is already conducted on "Arabic Extremist Group Forum Messages' Characteristics" and "Terrorist Social Network Analysis", while the real issues still remain communication, research, fundraising, propaganda, recruitment and training -- I wish Dorothy Denning was also blogging on the topic!
iDefense, being the masters of CYBERINT, recently found jihadist web sites related to Zarqawi's "Successor". The interesting part:
"This website contains forums with a mix of threads covering items from the latest information on the militants in the Middle East, such as a video of militants in Syria, to hacker education, such as Microsoft Word documents available for downloading that detail CGI, unicode and php exploits. The members appear to be interested in physical and cyber-related threats. The membership of the site is growing and is already over 10,000+ members. Plus, we at iDefense/VeriSign are very interested to see what hacking issues or levels of cyber expertise may be covered on this site."
By the way, I just came across an outstanding list of Islamic sites at Cryptome. These are definitely about to get crawled, analyzed, and for sure, come under attack in the future. For instance, the most recent example of hacktivism tensions is the hundreds of hacked Israeli web pages, in the light of Israel's military action in Gaza.
Further reading on:
How Modern Terrorism Uses the Internet
Jihad Online : Islamic Terrorists and the Internet
Right-wing Extremism on the Internet
Terrorist web sites courtesy of the SITE Institute
The HATE Directory November 2005 update
Recruitment by Extremist Groups on the Internet
Wednesday, June 28, 2006
01. Meteorite Collision - "Japanese animation showing what would happen if a giant meteor hit the Earth." to Space on june 25
02. Should We Lift North Korean Sanctions? - "Quentin Hardy summed up his side’s argument: “Capitalism has corrupted other authoritarian regimes, why not North Korea?”" to Investing on june 25
03. The ABCs of New Security Leadership - "Maintaining the right level of boardroom and employee awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm. Below, CSO looks at what's Out and what's In." to Security Leadership on june 27
04. Blackmailer : the story of Gpcode - "Analysts at Kaspersky Lab had successfully cracked a 660 bit RSA encryption key. This was the latest victory against a cyber blackmailer that had been plaguing users in Russia for over a year and a half." to Malware Ransomware on june 27
05. My Anti-Virus Revolving Door - "I'm the Donald Trump of anti-virus software testing. It won't be long before they're all fired." to Malware AntiVirus on june 27
06. Eyeballing Israel Signal Facilities - "Israeli Signal Facilities, courtesy of the Eyeball Series." to Security Defense Reconnaissance Satellite GEOINT on june 27
07. DHS Special Report Can DHS meet IT cybersecurity expectations? - “In the Defense budget we have put hundreds of millions of dollars in for info. dominance,” Weldon said. He cited Pentagon programs to fund universities to launch cybersecurity studies centers and to expand the military’s own cybersecurity programs." to Security Defense Cyberterrorism Leadership on june 27
08. Tampa GOP Cyber-Attack - "As the global Islamist war heats up, technically savvy cyber-terrorists will continue to look to find weaknesses in the Internet infrastructure of the West." to InformationWarfare Cyberterrorism Hacktivism PSYOPS on june 27
09. Analysis Warns U.S. of Cyber Security Weaknesses - "If our nation is hit by a cyber Katrina that wipes out large parts of the Internet, there is no coordinated plan in place to restart and restore the Internet," said John J. Castellani, President of the Roundtable." to Security Defense Cyberterrorism Leadership on june 27
10. Ignoring the Great Firewall of China - "The so-called "Great Firewall of China" operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST flag set) are sent to both endpoints of the connection." to Censorship China FreeSpeech on june 27
11. Encyclopedia of Espionage, Intelligence, and Security - "Espionage information." to Intelligence Espionage on june 27
12. China-Led Group to Fight Web Fraud, Cyber Terrorism - "A Russian and Chinese-led bloc of Asian states said Thursday it plans to set up an expert group to boost computer security and help guard against threats to their regimes from the Internet." to Security on june 27
13. Immunizing The Internet, Or : How I Learned To Stop Worrying And Love The Worm - "In a 1997 exercise, NSA teams hacked into computer systems at four regional military commands and the National Military Command Center and showed that hackers could cause large-scale power outages and 911 emergency telephone network overloads." to Security Defense InformationWarfare Cyberterrorism on june 27
14. Five Questions For Martin Roesch, Founder and CTO of Sourcefire - "In 1998, Roesch created Snort, an app that sniffs out malicious traffic trying to enter a network. Snort's free source code has been downloaded more than 3 million times." to Interview on june 27
15. Firms Eye Video Surveillence - "And as the technology shrinks, the cameras slip deeper into the background, hardly noticed, streaming more than 4 billion hours of footage a week—footage that usually ends up lost, and never seen." to Surveillance CCTV Technology on june 27
16. How big is Earth compared to other planets and stars? - "Fun series of photos comparing Earth's size to that of other planets and stars." to Space on june 27
17. All-Seeing Blimp on the Rise - "The problem with the American military today is that it doesn't have a giant, robotic airship, two-and-a-half times the size of the Goodyear blimp, that can watch over an entire city at once. The idea is to park an unmanned airship over a hot zone." to Military Surveillance Privacy on june 27
18. Malware in Popular Networks - "Some of the other popular means of computer supported collaboration are USENET, IRC, P2P, IM. We have seen a consistent uprise of malware targeting these collaborative systems." to Malware on june 27
19. Word macro trojan dropper and (another) downloader - "We've seen a lot of new malware being spammed in last couple of hours." to Malware on june 27
Tuesday, June 27, 2006
Tip to the Board of Education: don't bother Google, but take care of the problem on your own, immediately, through Google's automatic URL removal system, by first "inserting the appropriate meta tags into the page's HTML code. Doing this and submitting via the automatic URL removal system will cause a temporary, 180-day removal of these pages from the Google index, regardless of whether you remove the robots.txt file or meta tags after processing your request."
Going back to the idea of malicious web crawling, the best "what if" analysis comes from Michal Zalewski, in his 2001 Phrack article "The Rise of the Robots" -- nice starting quote! It tries to emphasize that "Others - Internet workers - hundreds of never sleeping, endlessly browsing information crawlers, intelligent agents, search engines... They come to pick this information, and - unknowingly - to attack victims. You can stop one of them, but can't stop them all. You can find out what their orders are, but you can't guess what these orders will be tomorrow, hidden somewhere in the abyss of not yet explored cyberspace. Your private army, close at hand, picking orders you left for them on their way. You exploit them without having to compromise them. They do what they are designed for, and they do their best to accomplish it. Welcome to the new reality, where our A.I. machines can rise against us."
That's a far more serious security issue to keep an eye on than Google's crawlers eating your web site for breakfast.
There have also been speculations on the severity of the NSA wiretapping program compared to the Watergate scenario, while I feel that besides political engineering through infowar, it also occurs relatively more often over a juicy barbecue.
Monday, June 26, 2006
"Our mail servers accepted 1,438,909 connections, attempting to deliver 1,677,649 messages. We rejected 1,629,900 messages and accepted only 47,749 messages. That's a ratio of 1:34 accepted to rejected messages! Here is how the message rejections break down:
Bad HELO syntax: 393284
Sending mail server masquerades as our mail server: 126513
Rejected dictionary attacks: 22567
Rejected by SORBS black list: 262967
Rejected by SpamHaus black list: 342495
Rejected by local block list: 5717
Sender verify failed: 4525
Recipient verify failed (bad To: address): 287457
Attempted to relay: 5857
No subject: 176
Bad header syntax: 0
Spam rejected (score => 10): 42069
Viruses/malware rejected: 2575
Bad attachments rejected: 1594"
Draw your own conclusions. Besides shooting in the dark and general syntax errors, the biggest downside here is the total waste of email traffic, resulting in delayed email; thankfully, non-commercial methods are still capable of dealing with the problem. At the bottom line, sending a couple of million email messages at next to no cost, and getting a minor response from the "Hey, this is a hell of a deal and it has my username at the top!" type of end user, seems to keep motivating the sender. Localized spam is much more effective as an idea, but much easier to trace compared to mass-marketing approaches, though I feel it will emerge with time.
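A breakdown like the one quoted above is only as useful as the consistency of the bucketing behind it. The following is an added example, not code from the original post or from the mail administrator quoted; it parses constructed reject-log lines in an assumed "<date> <time> <verdict> <client-ip> <reason>" format (not the output of any particular MTA), buckets each rejection into the categories the quoted report uses, keeps an explicit "Uncategorised" bucket so that new rejection reasons do not silently vanish, and computes the accepted-to-rejected ratio along with rejections per client.

```python
import re
from collections import Counter

# Constructed sample log (not real traffic); format is an assumption for this example.
SAMPLE_LOG = """\
2006-06-26 00:00:01 REJECT 203.0.113.5 syntactically invalid HELO argument
2006-06-26 00:00:02 REJECT 203.0.113.6 HELO claims to be our own hostname mail.example.net
2006-06-26 00:00:03 REJECT 203.0.113.7 listed in zen.spamhaus.org
2006-06-26 00:00:04 REJECT 203.0.113.8 listed in dnsbl.sorbs.net
2006-06-26 00:00:05 REJECT 203.0.113.9 Unrouteable address for recipient
2006-06-26 00:00:06 REJECT 203.0.113.9 too many invalid recipients (dictionary attack)
2006-06-26 00:00:07 ACCEPT 198.51.100.3 message queued
2006-06-26 00:00:08 REJECT 203.0.113.10 relay not permitted
2006-06-26 00:00:09 REJECT 203.0.113.11 spam score 14.2 exceeds threshold 10
2006-06-26 00:00:10 REJECT 203.0.113.12 malware detected in attachment
2006-06-26 00:00:11 REJECT 203.0.113.13 attachment type .scr not allowed
2006-06-26 00:00:12 REJECT 203.0.113.14 Sender verify failed
2006-06-26 00:00:13 REJECT 203.0.113.15 listed in local block list
2006-06-26 00:00:14 REJECT 203.0.113.16 no subject header
2006-06-26 00:00:15 ACCEPT 198.51.100.4 message queued
2006-06-26 00:00:16 REJECT 203.0.113.17 something the rules do not recognise
"""

LINE_RE = re.compile(r"^(\S+ \S+) (ACCEPT|REJECT) (\S+) (.*)$")

# Ordered (category, pattern) rules; the first match wins, so the more specific
# reasons (dictionary attack, masquerading HELO) precede the generic ones.
RULES = [
    ("Dictionary attack", r"too many invalid recipients"),
    ("Masquerades as our server", r"claims to be our own hostname"),
    ("Bad HELO syntax", r"invalid HELO"),
    ("SpamHaus black list", r"spamhaus\.org"),
    ("SORBS black list", r"sorbs\.net"),
    ("Local block list", r"local block list"),
    ("Sender verify failed", r"sender verify failed"),
    ("Recipient verify failed", r"unrouteable address|recipient verify failed"),
    ("Attempted relay", r"relay not permitted"),
    ("No subject", r"no subject"),
    ("Spam rejected", r"spam score"),
    ("Virus/malware rejected", r"malware|virus"),
    ("Bad attachment rejected", r"attachment type .* not allowed"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in RULES]
UNKNOWN = "Uncategorised"


def parse_line(line):
    """Return (verdict, client_ip, reason), or None for lines not in the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _timestamp, verdict, ip, reason = m.groups()
    return verdict, ip, reason


def categorise(reason):
    """Map a free-text rejection reason onto the first matching category."""
    for name, rx in COMPILED:
        if rx.search(reason):
            return name
    return UNKNOWN  # keep unmatched reasons visible instead of dropping them


def summarise(log_text):
    """Count accepted/rejected messages, rejection reasons and rejections per client."""
    accepted = 0
    by_category = Counter()
    by_client = Counter()
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # skip malformed lines rather than mis-bucketing them
        verdict, ip, reason = parsed
        if verdict == "ACCEPT":
            accepted += 1
        else:
            by_category[categorise(reason)] += 1
            by_client[ip] += 1
    rejected = sum(by_category.values())
    ratio = rejected / accepted if accepted else float("inf")
    return {"accepted": accepted, "rejected": rejected,
            "rejected_per_accepted": ratio,
            "by_category": by_category, "by_client": by_client}


def report(summary):
    """Render the summary in the same shape as the quoted breakdown."""
    lines = [f"Accepted: {summary['accepted']}, rejected: {summary['rejected']} "
             f"(1:{summary['rejected_per_accepted']:.0f} accepted to rejected)"]
    for name, n in summary["by_category"].most_common():
        lines.append(f"  {name}: {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarise(SAMPLE_LOG)))
```

The rule order matters: a dictionary-attack line also mentions recipients, so it must be classified before the generic recipient-verify rule, and the per-client counter is what tells you whether the rejections come from a handful of persistent sources or are spread across a botnet.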
Browse through Spamlinks.net for anything anti-spam related, quite an amazing resource.
Hint: once you get involved in the CCTV irony (I say irony mainly because the dude behind the wall of 40 motion detection and face recognition screens has another CCTV camera behind his back), you end up spending taxpayers' money to cover "blind spots", and end up with a negative ROI while trying to achieve self-regulation, if that matters at all!
The journal Surveillance and Society still remains the most resourceful publication on surveillance studies and their impact on society.
Further reading and previous cases:
The Hidden Camera
Iowa Judge Says Hidden Restroom Camera Case Can Proceed to Trial
Thankfully, initiatives such as the OpenNet Initiative, and organizations such as Reporters Without Borders, never stop being society's true watchdogs when it comes to Internet censorship. ONI's neat visualization of the Internet filtering map is a great way of pinpointing key locations and providing further details through their in-depth reports; take a look for yourself!
Censorship is capable of running entire governments, maintaining historical political power, and mostly ruling by "excluding the middle". Recently, two of China's leading Internet portals were shut down, with maintenance issues acting as the excuse for improving their filtering capabilities. Reporters Without Borders conducted an outstanding analysis of the situation, coming to the conclusion "that the search engines of China’s two leading Internet portals, Sina and Sohu, after they were shut down from 19 to 21 June for what they described as a “technical upgrade” but which in fact was designed to improve the filtering of their search results."
What is Google up to? Making business compromises in order to harness the power of the growing Chinese Internet population. And while the Wall is cracking from within, the world is also taking action against the fact that there are currently 30 journalists behind bars in China.
Sunday, June 25, 2006
01. Eyeballing North Korean Missile Launch Furor - "Latest satellite photo coverage and description of the launch site facilities." to Military Satellite Reconnaissance GEOINT ... on 25 June
02. VoIP wiretapping could lead to more problems - "Requiring Internet service providers to respond in real time to requests for them to record VoIP calls would open up the Internet to new vulnerabilities, Whitfield Diffie added." to Intelligence Terrorism Wiretapping CALEA VoIP on 25 June
03. Police arrest two in Japan data theft case - "Blackmailers attempted to extort almost $90,000 from one of Japan's largest phone companies by threatening to reveal a leak of private data belonging to four million customers before a major shareholder meeting." to Espionage Insider Investing on 25 June
04. Kevin Mitnick, the great pretender - "ZDNet UK caught up with the ex-cracker to discuss developments in social engineering, new U.S. laws monitoring telephone systems and alleged "NASA hacker" Gary McKinnon's impending extradition to the United States." to Security Interview on 25 June
05. Data-Theft Worm Targets Google's Orkut - "Now, however, the infection will pop up a message telling you your data is being mailed off someplace, before sending you to the Orkut site." to Malware Web on 25 June
06. French Microsoft Web site hacked - "Hackers on Sunday broke into a part of Microsoft's French Web site, replacing the front page with online graffiti." to Hacktivism Microsoft Defacement on 25 June
07. SCADA industry debates flaw disclosure - "The guys who are setting up these systems are not security professionals. And many of the systems that are running SCADA applications were not designed to be secure--it's a hacker's playground." to Security SCADA Cyberterrorism Vulnerabilities on 25 June
08. Details emerge on second potential NSA facility - "The room had a sophisticated set of double security doors, known as a "mantrap," and any engineer who worked inside required extensive security clearances." to Intelligence NSA Terrorism Surveillance Wiretapping on 25 June
09. Next-Gen Bank Trojans Are Upon Us - "The 3G Banking Trojan can steal your info and then siphon your account of its cash. The 3G Banking Trojan began with the "Win32.Grams" piece of malware, which first appeared in 2004." to Malware on 25 June
10. Malware authors eyeing Web-based applications - "As Web-based services grow increasingly popular, industry experts say users should brace for more of these threats." to Malware Web on 25 June
11. Stratcom leads DOD cyberdefense efforts - “Unfortunately for us, cyberterrorism is cheap, and it’s fast,” Kehler said. “Today’s terrorist moves at the speed of information.” to Defense InformationWarfare Cyberterrorism on 25 June
12. Text Messaging Used as Malware Lure - "Botnet herders have found a crafty new way to lure computer users to maliciously rigged Web sites—via text messaging on cell phones." to Malware Mobile on 25 June
13. Two China Search Sites Shut - "Censorship or maintenance? That’s the question after two Chinese search engines shut down temporarily." to China Censorship FreeSpeech on 25 June
14. Web services increasingly under attack - "As larger audiences flock to Web sites that run on ever more powerful programming scripts, malware writers are them fertile ground." to Security Malware Web on 25 June
15. What's the Endpoint of Endpoint Security? - "Finally, there’s a more manipulative progenitor of new jargon: the analyst community. White papers, market reports and mystical squares can get crowded, and the big vendors often dominate them." to Security Investing Advertising Leadership on 25 June
16. Expatriates in Canada pressured to spy - "Despite strong warnings from the government of Canada, certain countries continue to use their intelligence services to manipulate and exploit expatriate communities in Canada," CSIS said." to Intelligence OSINT Espionage on 25 June
17. Review: Terror On The Internet - "Terror on the Internet" usefully outlines the basic contours of his subject, giving a taste of Al Qaeda's Internet rhetoric and strategies, along with those of less well-known militant groups from Colombia to the Basque country to Chechnya." to InformationWarfare Cyberterrorism Terrorism PSYOPS on 25 June
18. Web of terror - "The suspects reportedly became radicalized through militant Web sites and received online advice from Younis Tsouli, the Britain-based Webmaster for Islamic extremist sites who called himself "Terrorist 007," before he was arrested late last year." to InformationWarfare Cyberterrorism Terrorism PSYOPS Web on 25 June
Google Earth and Google Maps continue making the headlines as a "threat" to national security, where the key points remain the balancing of satellite reconnaissance capabilities between developed and developing nations, the freshness of the data, and its quality. Sensitive locations can indeed be spotted, and then again, so what? And, with the launch of Geoportail.fr, the French government aims at achieving transparency, rather than overhyping this common sense "insecurity".
Saturday, June 24, 2006
Posting will resume shortly, a lot has happened for a week, and the only thing I pretend I'm not good at is wasting my time. As a matter of fact, I've got some very nice comments out of a presentation held at the University of Dresden, Germany, regarding my Future trends of malware research.
Tuesday, June 13, 2006
Web application worms have the potential to dominate the malware threatscape given the amount of traffic their platforms receive. My point is that even within a tiny timeframe like this, one could achieve speed and efficiency like we've only seen in single-packet worms.
In a previous post related to the "Current State of Web Application Worms", you can also find more comments and resources on the topic. The content spoofing exploiting the trust between the parties that I mentioned there is rather tame compared to the automated harvesting in this case. As there's naturally active research done in Bluetooth honeypots, IM honeypots, ICQ honeypots, and Google Hacking honeypots, it's about time to start seeding your spam trap emails within free email providers or social networking providers.
The stakes are too high not to be exploited in one way or another; I hope we'll someday be surprised by a top web property coming up with a fixed vulnerability on their own. Realizing the importance of their emerging position as an attack vector for malware authors is yet another issue to keep in mind. And the best part about web services is their push patching approach: you're always running the latest version, so relying on end users is totally out of the question.
Find out more details on the worm, and comments as well.
UPDATE: Rather an active month when it comes to web application malware events, as another Data-Theft Worm Targets Google's Orkut.
Gartner recently expressed a (pricey) opinion on the upcoming consolidation of spam vendors, while I feel they totally ignored the technological revolution of spamming to come -- IPSec is also said to be dead by 2008.
"The current glut of anti-spam vendors is about to end, analysts at Gartner said Wednesday. But enterprises shouldn’t stay on the sidelines until the shakeout is over. By the end of the year, Gartner predicted, the current roster of about 40 vendors in the enterprise anti-spam filtering market will shrink to fewer than 10. As consolidation accelerates and as anti-spam technology continues to rapidly change, most of today’s vendors will be "left by the wayside," said Maurene Caplan Grey, a research director with Gartner, and one of two analysts who authored a recently-released report on the state of the anti-spam market."
The consequence of cheap hardware, HR on demand, angel investors falling from the sky on a daily basis, and acquiring vendor-licensed IP, would be start-ups popping up like mushrooms to cover the newly developed market segments, and some will stick around long enough not to get acquired, given they realize they possess a core competency.
Sensor networks, spam traps, Bayesian filters, all are holding the front, while we're getting used to "an acceptable level of spam", not the lack of it. What's emerging for the time being is the next logical stage, that is, localized spam in native languages, and believe it or not, it gets through the filters and impacts productivity, the major problem posed by spam.
SiteAdvisor -- I feel I'm almost acting as an evangelist of the idea -- recently responded to Scandoo's concept, by wisely starting to take advantage of their growing database, and provide the feature in email clients while protecting against phishing attacks. End users wouldn't consider insecure search by default in order to change their googling habits, they trust Google more than they would trust an extension, and they'd rather have to worry about Google abusing their click stream, compared to anything else. Anti-Phishing toolbars are a buzz, and it's nice to see the way they're orbiting around it.
Be a mushroom, don't look for an umbrella from day one!
Sunday, June 11, 2006
01. Eight Indian Startups to Watch - "Some startups are offering unique solutions for India’s burgeoning domestic market, others are targeting global markets. Several are going after both. Red Herring has chosen a few below-the-radar young companies that we think are worth watching." - to Investing Technology India on june 10
02. 'Grand Theft Auto' Game Makers Settle With FTC - "A settlement has been reached with the companies behind the popular video game "Grand Theft Auto: San Andreas," Take-Two Interactive and subsidiary Rockstar Games, which were sued for deceptive practices over hidden sexual content in the game." - to Game Investing on june 10
03. Symbian dismisses smartphone security risk - "David Wood, executive vice president of research at Symbian, said on the Symbian website that smartphones only pose a security risk if companies ignore basic practical rules." - to Malware Symbian on june 10
04. AV management 2006 - "We have assembled a comprehensive range from the leading anti-virus products available in today’s market. During our testing, we began by checking the capacity of these respective offerings to cope with basic tasks." - to Security Malware AntiVirus on june 10
05. Zero-Day Exploits Abound at Legitimate Web Sites - "An exploit distribution network controlled by a single organization that was using a network of 40 Internet domains, each of which was linked to an average of 500 infected sites, for a total of roughly 20,000 Web pages forwarding the groups' attacks." - to 0day Vulnerabilities on june 10
06. Taiwan Faces Increasing Cyber Assaults - "A hacker managed to issue an e-mail attachment that contained a fake press release purportedly from the Military Spokesman’s Office describing a meeting between People’s First Party representatives and MND officials." - to InformationWarfare Cyberwarfare Taiwan China on june 10
07. Social- and Interactive-Television Applications Based on Real-Time Ambient-Audio Identification - "We showed how to sample the ambient sound emitted from a TV and automatically determine what is being watched from a small signature of the sound—all with complete privacy and minuscule effort." - to NewMedia Privacy Surveillance on june 10
08. The Evolution of In-Game Ads - "Marketed as a way to help game makers increase their bottom line or make specific titles more realistic, advertisers are continually searching for ways to reach new audiences—young males and beyond." - to Game Advertising ... on june 11
09. Risks of Keeping User Data Outweigh Benefits - "Large data troves are certain to become targets of hackers, identity thieves and unscrupulous insiders. As the raft of recent data breaches has shown, there are plenty of companies, organizations and government agencies that do a lousy job at securing data." - to Security on june 11
10. Protect Me, Protect My Data - "Companies that underestimate security threats to their records do so at their own peril. It can mean a loss of trust and of business." - to Security on june 11
11. Audit finds security weaknesses at NASA center - "The IG’s audit found other problems as well. System administrators also accessed a key server containing security information without adequate encryption and did not remove unnecessary services from the network." - to Security NASA on june 11
12. America's Most Stolen Vehicles - "The Cadillac Escalade had the highest theft claim rate overall, according to the HLDI, and was the most stolen SUV, according to the CCC 2004 stolen vehicle report." - to Security Theft on june 11
13. N Korea in 'US spy plane' warning - "North Korea says it will punish the US, after claiming it is conducting spying flights over its territorial waters." - to Intelligence Reconnaissance on june 11
14. McAfee SiteAdvisor to add site blocking, extend ratings beyond Web - "McAfee is planning enhancements to its recently acquired SiteAdvisor software that will allow the Web-rating application to block inappropriate Web sites, offer safety ratings for online transactions and rate Web links that appear in e-mail and IM windows." - to McAfee SiteAdvisor on june 11
15. Google and Ebay : The MBA Analysis - "In fact, as they researched the paper over the course of the year, the authors came to the conclusion that eBay had no choice but to ally with either Yahoo or Microsoft. Then the Journal reported as much, and the Yahoo/eBay deal went down." - to NewMedia Google Ebay on june 11
You may also find this Time Out's briefing on London's espionage locations interesting.
Saturday, June 10, 2006
"Venture capitalists are predicting a "business boom below ground" as blue-chip companies turn to nuclear bunkers built at the height of the Cold War in the battle to protect sensitive electronic data. The latest private equity investor to move in on the area is Foresight Venture Partners, which has just taken a 20 per cent stake in The Bunker Secure Hosting."
But no matter how deep underground you are, you would still be providing an Internet connection, given you're a hosting company. That's an open network, compared to a closed one, which is easier to control -- thick walls wouldn't matter when it comes to connectivity and insiders. It's logical for any data to be stated as secure in that type of environment, but an authorized/unauthorized "someone" will want to use and abuse it for sure.
VCs often exaggerate to develop a market sector they somehow envision as profitable in the long term; the real issue is that, while the idea is very marketable, you cannot base future trends on this fact only. They'd better invest in market segments such as portable security solutions, or risk management companies such as Vontu and Reconnex, which I covered in a previous post related to insider abuse.
"Search through more hundreds of thousands of email messages to and from 176 former Enron executives and employees from the power-trading operations in 2000-2002. For the first time, they are available to the public for free through the easy-to-use interface of the InBoxer Anti-Risk Appliance. Create a free account, and go to work. You can search for words, phrases, senders, recipients, and more."
The interesting part is how their ex-risk management provider is providing the data, in between fighting with the Monsters in Your Mailbox.
"The Government has launched a public consultation into a draft code of practice for a controversial UK law that critics have said could alienate big business and IT professionals. Part III of the Regulation of Investigatory Powers Act 2000 (RIPA) will, as it stands, give police the authority to force organisations and individuals to disclose encryption keys. The Government issued the public consultation on the code of practice for Part III, which will regulate how police and the courts use powers under the legislation, on Wednesday."
It would be interesting to see how they would initiate the response from individuals without raising the eyebrows of the majority of civil liberties watchdogs out there and, of course, businesses. That's assuming, of course, that they use encryption in the first place. It could be much "wiser" to take advantage of covert practices to obtain the necessary information, instead of "forcing" this measure -- detecting encrypted/covert communication channels is another topic. Moreover, compared to this, the Australian police, whose capabilities of obtaining information on criminals include the use of spyware, take a somewhat controversial but adaptive approach.
If national infrastructure security matters, have individuals and enterprises personally take care of their security and encryption keys, and promote data encryption, instead of dictating the vibrations by slowing down the basics through such laws.
"An Amanzimtoti man accused of possessing thousands of computerised child pornography images is expected to raise a technical defence - that he was a victim of a hacker who downloaded the images on to his computer without his knowledge. At least six people had access to his computer at any given time and there was no password."
While I've mentioned the possibility of "Anonymous and illegal hosting of (copyrighted) materials" in the future as "Picture a huge distributed storage capability, where the loss of a single host wouldn’t affect the actual dissemination of the files in question, neither would it influence the rise of bandwidth usage. BitTorrent disrupted the concept of transferring huge files over the Net. As we’ve already witnessed during December, 2005, a relatively modest, still powerful enough botnet of 18,000 computers started using BitTorrent to transfer pirated files over the hosts. Certain users will definitely wake up as true porn kings :)", I don't think that's the case here though.
Find a list of international organizations and how to report child pornography.
Friday, June 09, 2006
"AOL plans to expand into security services with the release of the Active Security Monitor, expected on Thursday. The program would also check to make sure Internet Explorer is properly configured to prevent security holes. "ASM determines a security score for your PC, and for all other PCs in your home network, by evaluating the status of all the major components needed for a robust system: Anti-Virus software, Anti-Spyware software, Firewall protection, Wireless Security, Operating System, Web Browser, Back up software and PC Optimization."
After the scoring, I presume it would "phone back home" and let AOL know what end users are mostly missing, then a solution provided by AOL, or a licensee would follow. Benchmarking against AOL's understanding of application based security is tricky, and I bet you already know the programs necessary to establish common sense security on your PC/network. Who's next to enter the security industry besides Microsoft and AOL, perhaps DoubleClick?
CNET has naturally reviewed the Active Security Monitor.
Thursday, June 08, 2006
I simply couldn't resist sharing this; it seems this spammer is totally outperforming himself. How would I fall victim to this, given I cannot read what I'm about to get scammed with?
Spammers today are in a world of pain when it comes to the industry's experience in detecting their messages; still, spam continues to represent the majority of email traffic worldwide, and it's getting more creative. Images, "marketing" messages that you can barely read, old psychological tricks, but still, out of a couple of million messages, someone still takes it personally, and feels like making a deal online.
Why does spamming work? Because of the ubiquity of email, because of the freely available email lists marketed as fresh, and at the bottom line, the price for a spammer to send a couple of million emails is getting lower with botnets on demand becoming a commodity. End users end up sending spam to themselves for being infected with malware. What's next? Spamming is still catching up with the technological possibilities, and Chinese telecom operators for instance happen to be the most experienced ones in filtering mobile phone spam -- guess they're also over-performing in between censorship.
Basically, the book emphasizes the "first multinational corporation", Rome, selling the ultimate product of its time - citizenship. Moreover, it goes in-depth into the concept of moguls and anti-moguls, and how their tensions indeed create an entrepreneurial and corporate culture in 120 A.D.
Every industry has moguls and anti-moguls, the behind the curtain disruptors at a specific stage. What are some of the characteristics of a mogul?
- Commission their PR
- Exercise power when feeling endangered -- elephants against the mice warfare
- Indirectly control the media that's "winning points" for quotations, and "credible" content
- Generally, tend to believe in being the Sun, when the universe tends to have so many dwarfs, and dimensions altogether
- Hide behind C-level positions
- Talk more than actually listen
- When they sneeze the whole industry gets cold
Certain societies, if not all, get obsessed with superficially creating heroes, so professionally that at a certain point the "hero" cannot deny any of the praises, but starts living with them and the load that comes altogether. Get hold of this masterpiece, you're gonna love it!
Tuesday, June 06, 2006
"Hackers armed with little more than a laptop could conjure up phantom planes on the screens of Australia's air traffic controllers using new radar technology, warns Dick Smith. The prominent businessman and aviator claims to have found another serious security flaw in the new software being introduced into the air traffic control system. He has challenged Transport Minister Warren Truss to allow him to set up a demonstration of the problem at a test of the technology in Queensland to show how hackers could exploit the automatic dependent surveillance broadcasting (ADS-B) system to create false readings on an air traffic controller's screen. The air space activist says he was told of the flaw by US Federal Aviation Administration staff."
Compared to a speculation I described in a previous post, "Why's that radar screen not blinking over there?", these practices are highly natural to ELINT planes/warfare, and within the capabilities of experienced staff members, as pointed out in the article. Everything is buggy, and so is the ADS-B system for sure, but the problem from my point of view is the possibility for a "talkative leakage", and the procedures, if any, to internally report bugs like these, and get them fixed of course.
Phantom Warhawk image courtesy of Les Patterson.
"A laptop computer containing fingerprints of Internal Revenue Service employees is missing, MSNBC.com has learned. The computer was lost during transit on an airline flight in the western United States, IRS spokesman Terry Lemon said. No taxpayer information was on the lost laptop, Lemon said. In all, the IRS believes the computer contained information on 291 employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth."
For the time being the largest accommodator of fingerprints in the world is the U.S.A., and this fact affects anyone that enters the U.S. My point is that the unregulated ways of classifying, storing, transferring and processing such type of information would result in its inevitable loss -- bad in-transfer security practices or plain simple negligence.
As we're also heading to a biometrics driven society, the impact of future data security breaches will go way beyond identity theft the way we know it -- lost and stolen voice patterns, DNA, and iris snapshots would make the headlines. You might also be interested in knowing how close that type of "future scenario" really is, given the modest genetic database of 3 million Americans already in existence. Things are going to get very ugly, and it's not the privacy issue that bothers me, but the aggregation of such type of data in the first place, and who will get to steal it. It's perhaps the perfect market timing moment to start a portable security solution provider, or resell one's know-how under license, of course.
Sunday, June 04, 2006
"The most recent bug in Skype is another clue to enterprises that they should steer clear of the VoIP service, research firm Gartner recently warned. Two weeks ago, Skype patched a critical vulnerability that could let an attacker send a file to another user without his or her consent, and potentially obtain access to the recipient's computer and data. This vulnerability follows three in 2005 (two high-risk, one low-risk) and highlights the risk of not establishing and implementing an enterprise policy for Skype," wrote Gartner research director Lawrence Orans in an online research note. "Because the Skype client is a free download, most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks."
There's a slight chance an enterprise isn't already blocking Skype, using both commercial and public methods wherever applicable. Moreover, it would be much more feasible to consider the fact that, if the enterprise -- assuming a U.S. one -- isn't blocking the use of Skype, it must somehow monitor/retain its use in order to comply with standard regulations. Skype poses the following problems:
- inability for the enterprise to retain the IM and VoIP sessions in accordance with regulations
- wasted bandwidth costing lost productivity and direct cash outflows, slowdown for critical network functions
- covert channels possibilities
Several months ago, Skype was also discussed as a command'n'control application for botnets, while steganography based communications and plain-simple encrypted/stripped IRCd sessions remain rather popular. Malware authors are actively looking for ways to avoid IRC given the popularity it has gained and the experience botnet hunters have these days.
Skype is the last problem to worry about, as in this very same way the recent vulnerabilities in major market-leading AVs would have had a higher risk exposure factor, since there's a greater chance of occurrence of malware than of a Skype vulnerability. It's the vulnerabilities in software in principle you have to learn how to deal with, and third-party applications that somehow make it onto your company's network.
More resources:
Skype Security Evaluation
Silver Needle in the Skype
Skype Security and Privacy Concerns
Impact of Skype on Telecom Service Providers
Today's trends mostly orbit around:
- information sharing, that is less complexity among different departments and agencies
- win-win information sharing among nations
- offensive and defensive CYBERINT, harnessing the power, or protecting against the threats posed by the digital era
- automated and efficient mass surveillance practices - eliminating "safe havens"
In case you really want to go in-depth into what has happened during the last couple of decades, Vasili Mitrokhin's KGB Archives are worth reading. And the true-retro gamers can take the role of "Captain Maksim Mikhailovich Rukov, recently transferred to the Department P from the GRU after three years' duty to investigate possible corruption inside the KGB (after a former agent turned private eye was found murdered). However, as the plot progresses, Rukov finds himself investigating a party hardliner anti-perestroika plot that threatens the life of General Secretary Mikhail Gorbachev" while playing the KGB - Conspiracy game.
Saturday, June 03, 2006
It's great to see that a knowledgeable audience has become a daily reality at this blog; it's never too late to meet new friends or their pseudo personalities. I've also included this month's stats area graph so you can get a grasp of the activity; go through past summaries for January, February, March and April, in case your brain is hungry for more knowledge.
It is my opinion that the more uninformed the end user is, the less incentive for the vendors to innovate at the bottom line, and on the other hand, it is also easier for a vendor to put emphasis on current trends, instead of emerging ones -- which is what is going to add value to its proposition in the long-term. It's more profitable to treat the disease, instead of curing it. And while curing one doesn't mean curing all, it's progress. So, I inform both sides and everyone in between. Information has never been free, but it wants to be free, so enjoy, syndicate, and keep yourself up-to-date with my perception on information warfare and information security, even when I'm not blogging, but just linking!
01. Biased Privacy Violation
While the site's niche segment has a lot of potential, I doubt it would scale enough to achieve its full effect. Providing ex-couples with the microphone to express their attitudes is as questionable as whether playing 3D shooters actually limits or increases violence.
02. Travel Without Moving - Typhoon Class Submarines
There're a lot of strategic security issues going beyond the information security market, and that is the defense and intelligence community's influence on the world. What used to be a restricted, or expensive practice, satellite imagery, is today's Google Earth/Maps service on a mass scale; anyone can zoom in front of the NSA. And as it's obvious you can spot things you can somehow define as sensitive locations through Google Earth/Maps, the question is, so what? I've managed to dig up quite some interesting locations I haven't seen posted anywhere and will be adding them shortly; feel free to suggest a spot if you have something in mind. The series in no way competes with the Eyeball-Series.org, though I wish.
03. The Current State of Web Application Worms
Web application worms, their potential and possible huge-scale impact, is a topic that's rarely covered as an emerging trend by the mainstream media sources. On the other hand, over-200-word articles on yet another malware variant go in depth into how the Internet is the driving force for the E-commerce revolution, and how a ransomware piece of malware is changing this. The problem is rather serious due to the common type of web application vulnerabilities huge eyeball aggregators suffer from. Whether it's speed or infected population to use as a benchmarking tool, just like packet-type worms, web application worms are fundamental for the creation of a Superworm beneath the AV sensor's radar.
04. Shaping the Market for Security Vulnerabilities Through Exploit Derivatives
Resourceful post providing an overview of the most recent developments in the emerging market for software vulnerabilities, and the possibility to secure future vulnerability releases. As Adam at Emergentchaos.com pointed out, the legality of such markets is among the cons of the idea, which is perhaps the time to consider the usability of markets for what's turning into a commodity - security vulnerabilities. The major problem which prompts the need for such is the current "private club" only vulnerability sharing practices among the infomediaries, but it can easily be argued that empowering vulnerability diggers, not researchers, isn't the smartest thing the community can do.
Vendors are often discussed as liable for the vulnerabilities in their software, but it's like blaming a dating service for not generating you dates; my point is that you cannot simply blame vendors for the vulnerabilities in their software, as it would result in a major slowdown of innovation. Think about it, we all hate Bill Gates and use, while trying to avoid, Microsoft's products pretty much everywhere; monocultures are bad, we'd better have half the Internet using Macs, and the other Windows, so there would be an incentive and fair "allocation of resources" targeting both sides, as the plain truth is that malicious attackers aren't just attacking these days, they are gaining scale and becoming efficient. In a free market, where market forces invisibly shape and guide it, there's little room for socially oriented initiatives like these. Today's software and technologies are shipped to get adopted, that is, insecure ones we become dependent on, to later find out we have to live with their insecurities -- no one is perfect, and being all well-rounded is so boring at the bottom line.
If we were to start "thinking Security" everywhere, there wouldn't be anything left in respect to usability at the end of the day. And as I've pointed out in a previous post on valuing security, if security doesn't bring anything tangible, but prevents risks, that's the cornerstone of the problems arising with justifying expenditures. The Internet we've become so addicted and dependent on wasn't built with security in mind, but our conscious or subconscious marginal thinking gave us no choice: either live with the vulnerabilities and take advantage of its benefits, or stop using it at all. If we were to start thinking security first, there wouldn't be an Internet at all, at least not in our lifetime. ISPs avoiding taking action on customers participating in botnets as they still haven't managed to find a way to commercialize the service, or Microsoft shipping its products in root mode and with all features turned on by default, are important points to keep in mind when referring to the practice of treating and not curing diseases.
You cannot blame vendors for the security vulnerabilities in their software; you can blame them for the huge windows of opportunity their lack of action opens, and their lack of overall commitment towards mitigating the threats posed by these. Now, how you would go about turning your day dreaming into a measurable metric, or even come up with a benchmark, is challenging -- a challenge ruined by the value of keeping an 0day, a truly 0day one.
05. The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
There you go with your fully realistic 1984 scenario; I wonder whether the idea would constitute mass surveillance and social networking analysis altogether. DIY alternatives are gaining popularity, and the cell phone industry doesn't really want to be perceived as an "exact location" provider, rather a communication services one. The excuse if it becomes habitual? Well, since there's no Cold War anymore -- just sentiments -- it's Terrorism today.
06. Snooping on Historical Click Streams
It was about time Google repositioned itself as a search company, not as a new media one heading towards portalization. There's nothing wrong with the idea; the reality is they can never catch up with Yahoo -- and they shouldn't! Spend some time with the feature, and you will be able to verify most of your previous research findings, or come across surprising ones. Do you trust Google and its geolocation services at the bottom line? I do.
07. Pass the Scissors
It's never too late to earn a buck for printing currency, even in times of inflation in between.
08. Is Bin Laden Lacking a Point?
Google Trends points to Washington DC as the region with the highest interest in Bin Laden; not surprising, is it? I feel the entire idea of an organizational hierarchy with Bin Laden on the top is outdated thinking, but a marketable one, forwarding the entire responsibility to one person, who at the end of the day wouldn't have any choice but to accept it, even though he had nothing to do with something in particular. Leadership is critical, and so is possible successorship. An image is worth a thousand words in this case!
09. Pocket Anonymity
Harnessing the power of established brands in privacy, encryption and anonymity services and providing portability is a great idea, no doubt, but what I'm missing is a targeted market, a clear positioning: is it a privacy or an anonymity provider, as there's a huge difference between the two of these. A free alternative to the idea as well.
10. Travel Without Moving - Scratching the Floor
No comment, just awareness.
11. Terrorist Social Network Analysis
Seems like social network analysis practices apply to terrorist organizations as well, and why wouldn't they? As you can see, there isn't a big difference between a Fortune 500 organization and a terrorist one; the only problem and downside is the inability to take advantage of the momentum; historical findings out of data mining are useful for PowerPoint slides seeking further investment, and that's it.
12. Valuing Security and Prioritizing Your Expenditures
Reactive, Proactive, or Adaptive, what's your security strategy, and what's your return on security investment?
13. EMP Attacks - Electronic Domination in Reverse
Did you know that Stalin was aware of the U.S.'s A-bomb even before Harry Truman was? -- the consequence of too much secrecy sometimes! EMP attacks rarely get discussed, yet today's portability of these and potential for chaos put them at the top of my watch list. There have been numerous ongoing Cybersecurity and critical infrastructure security exercises in the U.S. for the last couple of years, and while military equipment goes through a hardening process, Russia remains a key innovator whose capabilities have surpassed their own expectations. Cyber warfare is the next Revolution in Military Affairs, and it would be naive not to keep thinking of sneaky attacks, the weakest point in an IT and electronics dependent society.
14. Insider Competition in the Defense Industry
Where else, if not in the defense industry?
15. Techno Imperialism and the Effect of Cyberterrorism
Today's public perception of Cyberterrorism is so stereotyped, perhaps due to one basic reality - you cannot fight Cyberterrorism the way you can blow up a cave in Afghanistan, and it's a big problem. While public accountability is easily achieved through Cybersecurity exercises, there isn't a better tool for propaganda, recruitment, communication and research than the Internet, and as you're about to find out, there are ongoing initiatives to crawl the Web for terrorist web sites, analyze terrorist communication patterns on web forums, and how encryption and flight simulator programs are an inseparable reality of the concept.
As the conspiracy theorist inside me is screaming, there used to be a speculation that Disney purposely brainwashed the perception of UFOs in its content, to make it a more user-friendly excuse, and put everyone who's talking the opposite into the usual "that's the guy that has seen them" unfavorable position. Today's coverage on Cyberterrorism doesn't provoke discussion; instead it always tries to communicate and question the credibility of the idea, with the usual scenarios relating to SCADA devices, terrorists melting down power plants and the rest of the science-fiction stories. In all my posts on Cyberterrorism, a topic I've been actively writing on and following for some years, I always point out that terrorists are not rocket scientists unless we make them feel so -- or have benefits to think they are.
16. Travel Without Moving - Cheyenne Mountain Operations Center
Cheyenne Mountain Operations Center from Google Maps, and a summary of a report on Google Earth's security implications, which I hope you'll manage to get your hands on, the way I did through a friend.
17. Nation Wide Google Hacking Initiative
I like the idea of auditing a nation's cyber space through Google Hacking; the only problem is communicating the value to the public and to the companies/sites. What can be defined as sensitive information leaked through Google, and who's the attacker? Is it a script kiddie, a Google hacker, foreign intelligence personnel, or a foreign company conducting unethical competitive intelligence? Knowing, or at least theorizing on, the possible adversaries will lead your auditing practices to an entirely new level.
18. Espionage Ghosts Busters
No government is comfortable with having to smile at Chinese people, or with how their economy is evolving from supplier to manufacturer; still, there isn't any serious ground for this case -- besides a discomfort issue.
19. Arabic Extremist Group Forum Messages' Characteristics
Great research on today's fully realistic scenario of terrorists communicating over the Web, the public one, as basic authentication would have stopped such automated approaches for sure. What can you actually find with that type of intelligence, real terrorists communications, or growing propaganda sentiments, in between pro-democratic individuals to be recruited?
20. The Current, Emerging, and Future State of Hacktivism
A very well researched dissertation, a lot of visionary thoughts while it goes back to the basics. It is doubtful whether hacktivism would cease to exist despite the for-profit malicious attacks these days, as anarchists, governments, patriots or script kiddies, they all have an opinion on how things should be.
21. Bedtime Reading - The Baby Business
What's a "better" kid, and why you don't need one? Controllable uncertainty can be exciting sometimes, but as always, life's too short to live with uncertainty!
22. Travel Without Moving - Korean Demilitarized Zone
A post with an emphasis on North Korea, which as a matter of fact recently got a decline from the U.S. on two-way talks on whether the U.S. would condemn their nuclear program. As I've pointed out, they are just looking for attention, while the U.S. is sticking to six-way talks only. Iran truly took advantage of the overly bad publicity for the U.S. around the world.
23. Aha, a Backdoor!
A smart way to fuel growth in homeland security solutions is to be able to exempt publicly traded companies from reporting these activities, and with the SEC trying to achieve better transparency in its data reporting practices, it opens up a huge backdoor for enterprises to take advantage of, without any short-term accountability, or transparency requirements for the use of their stockholders' money. It's the corporate world!
24. Forgotten Security
Forgotten "what if" security plans on a possible assassination, to be precise. It's like a situation where a newly graduated wannabe marketer is asked to conduct marketing research for a future release of a product, and he just opens his bag, brings out a textbook, and starts looking it up.
25. Delaying Yesterday's "0day" Security Vulnerability
Nothing groundbreaking, as this is today's reality for everyone, and there isn't such a thing as a true 0day vulnerability these days. 0day to whom: to the media, to the underground, to the market, or to the researcher who's catching up with a week of backlog?
26. Who's Who in Cyber Warfare?
In the future the majority of Cyber wars would be waged by nations, and the maturity of their understanding of the concept, and actual capabilities, is again going to put the masses as a hostage in between. Defensive or offensive motives behind further development, armies will be defeated, and battles will be won in Cyberspace -- whether by infowar guerrilla-fighters, corporations, or nations is the beauty of this uncertain growing reality.
27. No Anti Virus Software, No E-banking For You
Great idea, lots of revenue for the AV vendor, end users with a feeling of security, all looks and sounds great, but it isn't, as these are the basics. An AV solution doesn't mean you won't get hacked, your financial information won't get stolen, and your home PC won't end up in a botnet; it means there's less chance for it to happen now. Is this campaign worth the publicity and in respect to retaining the bank's customers? I feel it is, but it's where the whole process of bank-to-customer safety practices communication begins.
28. Microsoft in the Information Security Market
McAfee and Symantec have greatly felt the pressure from Microsoft's ambitions, as they've simultaneously released information on their alternatives to OneCare, all-in-one security and PC tuning for the masses. Moreover, IP violation suits and the rest truly represent the threat, and while I don't see any, I avoid the fact that this is what the end user really needs. And with all the buzz about OneCare, Microsoft's distribution channels, channel partners and strategic partnerships, it would be hard for them to stop using OneCare in a year. That's why McAfee's and Symantec's releases of alternatives neatly ruined the pioneer position Microsoft could have taken. Now it's the same old information security market, the one you're so comfortable with: McAfee and Symantec providing security solutions as their first priority, and Microsoft positioned as a follower catching up. Smart move!
29. Covert Competitive Intelligence
With enterprises considering key extranet participants as potential attack vectors, and web-integration of backend systems as potential targets, insiders are benefiting from within. Dealing with "hackers", malware, firewall configuration etc. is part of the problem of perimeter based and application based defense. Consider taking into consideration organizational threats such as insiders, and figure out a cost-effective way of dealing with this hard to detect, measure and secure against threat.
30. The Global Security Challenge - Bring Your Know-How
How would you be more creative: knowing how much your budget is and trying to allocate it for the idea of allocating it, or coming up with the idea first and then trying to commercialize it? Budget allocation is a daily practice, but the very same way it empowers, it wastes resources, ones usually wrongly allocated.
31. Healthy Paranoia
I really feel you.