Zombies inevitably turning into botnets represent a huge, automated and efficient advantage to malicious attackers, I topic and most of its dimensions I covered in my Future trends of malware research. CipherTrust's Zombie Stats help you measure the approximate population of infected zombie PCs according to the vendor's TrustedSource. Not surprisingly, China's steadily increasing novice Internet population, both represents a growing menace to the entire Internet, and a market development opportunity for AV and security vendors. The situation is getting of hand with ISPs upgrading Internet connections, while still not putting enough efforts when it comes to dealing with botnets. And while some are taking actions under enforcement, major ISPs are still reluctant to face the issue -- ISPs still prefer to offer security services on a license basis or through reseller partnerships, though I'm certain there's an entire market segment waiting to be discovered by them if they manage to reset their position in this space.
Moreover, Prolexic's Zombie report for Q1-Q2 2005, provides even more detailed info, and a neat visualization of the routes involved with DDoS attacks, where the blue represents the U.S, and the red China. For the the time being, the ShadowServer guys keep on enthusiastically dealing with the problem, for no profit at all.
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Friday, June 30, 2006
Real-Time PC Zombie Statistics
Tags:
Botnet,
CipherTrust,
Information Security,
Malicious Software,
Prolexic,
Security,
Security Statistics,
Shadow Server
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
The WarDriving Police and Pringles Hacking
These days you never know where the next hacking attempt on your wireless network may come from. In this case, it's from the police, as authorities start mimicking wardriving behavior :
"The Douglas Country Sheriff's DOffice says it's going to start warning computer users that their networks may be vulnerable to hackers. The Sheriff's Department plans to equip several of its community service and patrol cars with devices that detect unprotected computer networks. In cases where investigators can figure out who owns the networks, they'll try to warn of potential security issues. They'll also drop off brochures with instructions to computer users on how to password protect their networks."
Back in 2004, Kelly Martin wrote a very pragmatic article on Catching a virus writer, empasizing on how "with the consumer WiFi explosion, launching a virus into the wild has never been easier and more anonymous than it is today." Moreover, Kaspersky labs recently assessed the situation in England, and you can easily see the need of basic awareness there.
I don't feel it's a good idea mainly because it generates more noise for the end user to sort through. They'd rather assess and position on a map the regions with most vulnerable networks and figure out a cost-effective ways of spreading awareness in these regions, instead of taking the role of an ethical wardriving. On the other hand, if they start taking care of wireless, would they start taking into consideration Bluetooth as well? There're just too many ethical wardrivers to deal with and deceive these days, and creative end users tend to multiply themselves or, of course, use common sense protection.
WarDriving Awareness brochure courtesy of Tom Hayward. Recommended reading - "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics".
"The Douglas Country Sheriff's DOffice says it's going to start warning computer users that their networks may be vulnerable to hackers. The Sheriff's Department plans to equip several of its community service and patrol cars with devices that detect unprotected computer networks. In cases where investigators can figure out who owns the networks, they'll try to warn of potential security issues. They'll also drop off brochures with instructions to computer users on how to password protect their networks."
Back in 2004, Kelly Martin wrote a very pragmatic article on Catching a virus writer, empasizing on how "with the consumer WiFi explosion, launching a virus into the wild has never been easier and more anonymous than it is today." Moreover, Kaspersky labs recently assessed the situation in England, and you can easily see the need of basic awareness there.
I don't feel it's a good idea mainly because it generates more noise for the end user to sort through. They'd rather assess and position on a map the regions with most vulnerable networks and figure out a cost-effective ways of spreading awareness in these regions, instead of taking the role of an ethical wardriving. On the other hand, if they start taking care of wireless, would they start taking into consideration Bluetooth as well? There're just too many ethical wardrivers to deal with and deceive these days, and creative end users tend to multiply themselves or, of course, use common sense protection.
WarDriving Awareness brochure courtesy of Tom Hayward. Recommended reading - "War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics".
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Thursday, June 29, 2006
North Korea - Turn On the Lights, Please
North Korea's recent missile launch furor, and the obvious conventional weaponry doctrine in place, as well as my comments in the Travel Without Moving series - Korean Demilitarized Zone, reminded me of a how they tend to fuel growth in military spending/the regime, where the trade-off is a developing economy, or any economy at all. I feel North Korea is still quite dark these days, very impressive imagery showing that :
"South Korea is bright, North Korea is dark. This amazing image is included in the standard US Department of Defense briefings on North Korea. It was mentioned in a news briefing on 23 December 2002 by Defense Secretary Rumsfeld, who stated that "If you look at a picture from the sky of the Korean Peninsula at night, South Korea is filled with lights and energy and vitality and a booming economy; North Korea is dark." There are a number of versions of this image in circulation, with visible differences that vary according to the conditions at the time the imagery was acquired."
Rich Karlgaard's comment on lifting North Korea sanctions, and Quentin Hardy's argument that "Capitalism has corrupted other authoritarian regimes, why not North Korea?”are worth taking into consideration.
"South Korea is bright, North Korea is dark. This amazing image is included in the standard US Department of Defense briefings on North Korea. It was mentioned in a news briefing on 23 December 2002 by Defense Secretary Rumsfeld, who stated that "If you look at a picture from the sky of the Korean Peninsula at night, South Korea is filled with lights and energy and vitality and a booming economy; North Korea is dark." There are a number of versions of this image in circulation, with visible differences that vary according to the conditions at the time the imagery was acquired."
Rich Karlgaard's comment on lifting North Korea sanctions, and Quentin Hardy's argument that "Capitalism has corrupted other authoritarian regimes, why not North Korea?”are worth taking into consideration.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Tracking Down Internet Terrorist Propaganda
I always knew there's a team of cheap marketers behind every terrorist organization trying to market yet another multimedia killing, or put it simple fear, treats, and no respect for life. Why cheap? Mainly because there's no segmentation or niche issues to deal with, but mostly mass marketing, while harnessing the power of the never ending resonation from the media echo.
Rather biased, today's opinion on Cyberterrorism always has to do primarily with destruction as the core of the problem. Active research is already conducted on "Arabic Extremist Group Forum Messages' Characteristics" and "Terrorist Social Network Analysis", and the real issues still remain communication, research, fundraising, propaganda, recruitment and training -- I wish Dorothy Denning was also blogging on the topic!
iDefense, being the masters of CYBERINT, recently found jihadist web sites related to Zarqawi's "Successor". The interesting part :
"This website contains forums with a mix of threads covering items from the latest information on the militants in the Middle East, such as a video of militants in Syria, to hacker education, such as Microsoft Word documents available for downloading that detail CGI, unicode and php exploits. The members appear to be interested in physical and cyber-related threats. The membership of the site is growing and is already over 10,000+ members. Plus, we at iDefense/VeriSign are very interested to see what hacking issues or levels of cyber expertise may be covered on this site."
By the way, I just came across to an outstanding list of Islamic sites at Cryptome. These are definitely about to get crawled, analyzed, and for sure, under attack in the future. For instance, the most recent example of hacktivism tensions, are the hundreds of hacked Israeli web pages, in the light of Israel's military action in Gaza.
Further reading on:
Terrorism
Cyberterrorism
How Modern Terrorism Uses the Internet
Jihad Online : Islamic Terrorists and the Internet
Right-wing Extremism on the Internet
Terrorist web sites courtesy of the SITE Institute
The HATE Directory November 2005 update
Recruitment by Extremist Groups on the Internet
Rather biased, today's opinion on Cyberterrorism always has to do primarily with destruction as the core of the problem. Active research is already conducted on "Arabic Extremist Group Forum Messages' Characteristics" and "Terrorist Social Network Analysis", and the real issues still remain communication, research, fundraising, propaganda, recruitment and training -- I wish Dorothy Denning was also blogging on the topic!
iDefense, being the masters of CYBERINT, recently found jihadist web sites related to Zarqawi's "Successor". The interesting part :
"This website contains forums with a mix of threads covering items from the latest information on the militants in the Middle East, such as a video of militants in Syria, to hacker education, such as Microsoft Word documents available for downloading that detail CGI, unicode and php exploits. The members appear to be interested in physical and cyber-related threats. The membership of the site is growing and is already over 10,000+ members. Plus, we at iDefense/VeriSign are very interested to see what hacking issues or levels of cyber expertise may be covered on this site."
By the way, I just came across to an outstanding list of Islamic sites at Cryptome. These are definitely about to get crawled, analyzed, and for sure, under attack in the future. For instance, the most recent example of hacktivism tensions, are the hundreds of hacked Israeli web pages, in the light of Israel's military action in Gaza.
Further reading on:
Terrorism
Cyberterrorism
How Modern Terrorism Uses the Internet
Jihad Online : Islamic Terrorists and the Internet
Right-wing Extremism on the Internet
Terrorist web sites courtesy of the SITE Institute
The HATE Directory November 2005 update
Recruitment by Extremist Groups on the Internet
Tags:
Cyber Jihad,
Cyber Terrorism,
Data Mining,
Hacktivism,
Information Security,
Security,
Social Network Analysis,
Terrorism
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Wednesday, June 28, 2006
Delicious Information Warfare - 24/27 June
Go through my daily reads for 13/24 June as well.
01. Meteorite Collision - "Japanese animation showing what would happen if a giant meteor hit the Earth." to Space on june 25
02. Should We Lift North Korean Sanctions? - "Quentin Hardy summed up his side’s argument: “Capitalism has corrupted other authoritarian regimes, why not North Korea?”to Investing on june 25
03. The ABCs of New Security Leadership - "Maintaining the right level of boardroom and employee awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm. Below, CSO looks at what's Out and what's In." to Security Leadership on june 27
04. Blackmailer : the story of Gpcode - "Analysts at Kaspersky Lab had successfully cracked a 660 bit RSA encryption key. This was the latest victory against a cyber blackmailer that had been plaguing users in Russia for over a year and a half." to Malware Ransomware on june 27
05. My Anti-Virus Revolving Door - "I'm the Donald Trump of anti-virus software testing. It won't be long before they're all fired." to Malware AntiVirus on june 27
06. Eyeballing Israel Signal Facilities - "Israeli Signal Facilities, courtesy of the Eyeball Series." to Security Defense Reconnaissance Satellite GEOINT on june 27
07. DHS Special Report Can DHS meet IT cybersecurity expectations? - “In the Defense budget we have put hundreds of millions of dollars in for info. dominance,” Weldon said. He cited Pentagon programs to fund universities to launch cybersecurity studies centers and to expand the military’s own cybersecurity programs." to Security Defense Cyberterrorism Leadership on june 27
08. Tampa GOP Cyber-Attack - "As the global Islamist war heats up, technically savvy cyber-terrorists will continue to look to find weaknesses in the Internet infrastructure of the West." to InformationWarfare Cyberterrorism Hacktivism PSYOPS on june 27
09. Analysis Warns U.S. of Cyber Security Weaknesses - "If our nation is hit by a cyber Katrina that wipes out large parts of the Internet, there is no coordinated plan in place to restart and restore the Internet," said John J. Castellani, President of the Roundtable." to Security Defense Cyberterrorism Leadership on june 27
10. Ignoring the Great Firewall of China - "The so-called "Great Firewall of China" operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST fag set) are sent to both endpoints of the connection.." to Censorship China FreeSpeech on june 27
11. Encyclopedia of Espionage, Intelligence, and Security - "Espionage information." to Intelligence Espionage on june 27
12. China-Led Group to Fight Web Fraud, Cyber Terrorism - "A Russian and Chinese-led bloc of Asian states said Thursday it plans to set up an expert group to boost computer security and help guard against threats to their regimes from the Internet." to Security on june 27
13. Immunizing The Internet, Or : How I Learned To Stop Worrying And Love The Worm - "In a 1997 exercise, NSA teams hacked into computer systems at four regional military commands and the National Military Command Center and showed that hackers could cause large-scale power outages and 911 emergency telephone network overloads." to Security Defense InformationWarfare Cyberterrorism on june 27
14. Five Questions For Martin Roesch, Founder and CTO of Sourcefire - "In 1998, Roesch created Snort, an app that sniffs out malicious traffic trying to enter a network. Snort's free source code has been downloaded more than 3 million times." to Interview on june 27
15. Firms Eye Video Surveillence - "And as the technology shrinks, the cameras slip deeper into the background, hardly noticed, streaming more than 4 billion hours of footage a week—footage that usually ends up lost, and never seen." to Surveillance CCTV Technology on june 27
16. How big is Earth compared to other planets and stars? - "Fun series of photos comparing Earth's size to that of other planets and stars." to Space on june 27
17. All-Seeing Blimp on the Rise - "The problem with the American military today is that it doesn't have a giant, robotic airship, two-and-a-half times the size of the Goodyear blimp, that can watch over an entire city at once.The idea is to park an unmanned airship over a hot zone. to Military Surveillance Privacy on june 27
18. Malware in Popular Networks - "Some of the other popular means of computer supported collaboration are USENET, IRC, P2P, IM. We have seen a consistent uprise of malware targeting these collaborative systems."
to Malware on june 27
19. Word macro trojan dropper and (another) downloader - "We've seen a lot of new malware being spammed in last couple of hours." to Malware on june 27
01. Meteorite Collision - "Japanese animation showing what would happen if a giant meteor hit the Earth." to Space on june 25
02. Should We Lift North Korean Sanctions? - "Quentin Hardy summed up his side’s argument: “Capitalism has corrupted other authoritarian regimes, why not North Korea?”to Investing on june 25
03. The ABCs of New Security Leadership - "Maintaining the right level of boardroom and employee awareness is a consequence of leadership. And more effective ideas and tactics are replacing the old, reactive security leadership paradigm. Below, CSO looks at what's Out and what's In." to Security Leadership on june 27
04. Blackmailer : the story of Gpcode - "Analysts at Kaspersky Lab had successfully cracked a 660 bit RSA encryption key. This was the latest victory against a cyber blackmailer that had been plaguing users in Russia for over a year and a half." to Malware Ransomware on june 27
05. My Anti-Virus Revolving Door - "I'm the Donald Trump of anti-virus software testing. It won't be long before they're all fired." to Malware AntiVirus on june 27
06. Eyeballing Israel Signal Facilities - "Israeli Signal Facilities, courtesy of the Eyeball Series." to Security Defense Reconnaissance Satellite GEOINT on june 27
07. DHS Special Report Can DHS meet IT cybersecurity expectations? - “In the Defense budget we have put hundreds of millions of dollars in for info. dominance,” Weldon said. He cited Pentagon programs to fund universities to launch cybersecurity studies centers and to expand the military’s own cybersecurity programs." to Security Defense Cyberterrorism Leadership on june 27
08. Tampa GOP Cyber-Attack - "As the global Islamist war heats up, technically savvy cyber-terrorists will continue to look to find weaknesses in the Internet infrastructure of the West." to InformationWarfare Cyberterrorism Hacktivism PSYOPS on june 27
09. Analysis Warns U.S. of Cyber Security Weaknesses - "If our nation is hit by a cyber Katrina that wipes out large parts of the Internet, there is no coordinated plan in place to restart and restore the Internet," said John J. Castellani, President of the Roundtable." to Security Defense Cyberterrorism Leadership on june 27
10. Ignoring the Great Firewall of China - "The so-called "Great Firewall of China" operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST fag set) are sent to both endpoints of the connection.." to Censorship China FreeSpeech on june 27
11. Encyclopedia of Espionage, Intelligence, and Security - "Espionage information." to Intelligence Espionage on june 27
12. China-Led Group to Fight Web Fraud, Cyber Terrorism - "A Russian and Chinese-led bloc of Asian states said Thursday it plans to set up an expert group to boost computer security and help guard against threats to their regimes from the Internet." to Security on june 27
13. Immunizing The Internet, Or : How I Learned To Stop Worrying And Love The Worm - "In a 1997 exercise, NSA teams hacked into computer systems at four regional military commands and the National Military Command Center and showed that hackers could cause large-scale power outages and 911 emergency telephone network overloads." to Security Defense InformationWarfare Cyberterrorism on june 27
14. Five Questions For Martin Roesch, Founder and CTO of Sourcefire - "In 1998, Roesch created Snort, an app that sniffs out malicious traffic trying to enter a network. Snort's free source code has been downloaded more than 3 million times." to Interview on june 27
15. Firms Eye Video Surveillence - "And as the technology shrinks, the cameras slip deeper into the background, hardly noticed, streaming more than 4 billion hours of footage a week—footage that usually ends up lost, and never seen." to Surveillance CCTV Technology on june 27
16. How big is Earth compared to other planets and stars? - "Fun series of photos comparing Earth's size to that of other planets and stars." to Space on june 27
17. All-Seeing Blimp on the Rise - "The problem with the American military today is that it doesn't have a giant, robotic airship, two-and-a-half times the size of the Goodyear blimp, that can watch over an entire city at once.The idea is to park an unmanned airship over a hot zone. to Military Surveillance Privacy on june 27
18. Malware in Popular Networks - "Some of the other popular means of computer supported collaboration are USENET, IRC, P2P, IM. We have seen a consistent uprise of malware targeting these collaborative systems."
to Malware on june 27
19. Word macro trojan dropper and (another) downloader - "We've seen a lot of new malware being spammed in last couple of hours." to Malware on june 27
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Tuesday, June 27, 2006
Malicious Web Crawling
SiteAdvisor indeed cashed for evaluating the maliciosness of the web, and New Zealand feels that nation wide google hacking initiatives are a more feasible solution to the problem of google hacking, compared to the Catawba County Schools Board of Education who blamed Google for indexing student test scores & social security numbers. It's like having a just-moved, 25/30 years old neighbors next to your place, who didn't know you have thermal movement detection equipment and parabolic microphones, in order to seal the house by using robots.txt, or assigning the necessary permissions on the web server asap.
Tip to the Board of Education, don't bother Google but take care of the problem on your own, immediately, through Google's automatic URL removal system, by first "inserting the appropriate meta tags into the page's HTML code. Doing this and submitting via the automatic URL removal system will cause a temporary, 180-day removal of these pages from the Google index, regardless of whether you remove the robots.txt file or meta tags after processing your request."
Going back to the idea of malicious web crawling, the best "what if" analysis comes from Michal Zalewski, back in 2001's Phrack issue article on "The Rise of the Robots" -- nice starting quote! It tries to emphasize that "Others - Internet workers - hundreds of never sleeping, endlessly browsing information crawlers, intelligent agents, search engines... They come to pick this information, and - unknowingly - to attack victims. You can stop one of them, but can't stop them all. You can find out what their orders are, but you can't guess what these orders will be tomorrow, hidden somewhere in the abyss of not yet explored cyberspace. Your private army, close at hand, picking orders you left for them on their way. You exploit them without having to compromise them. They do what they are designed for, and they do their best to accomplish it. Welcome to the new reality, where our A.I. machines can rise against us."
That's a far more serious security issue to keep an eye on, instead of Google's crawlers eating your web site for breakfast.
Tip to the Board of Education, don't bother Google but take care of the problem on your own, immediately, through Google's automatic URL removal system, by first "inserting the appropriate meta tags into the page's HTML code. Doing this and submitting via the automatic URL removal system will cause a temporary, 180-day removal of these pages from the Google index, regardless of whether you remove the robots.txt file or meta tags after processing your request."
Going back to the idea of malicious web crawling, the best "what if" analysis comes from Michal Zalewski, back in 2001's Phrack issue article on "The Rise of the Robots" -- nice starting quote! It tries to emphasize that "Others - Internet workers - hundreds of never sleeping, endlessly browsing information crawlers, intelligent agents, search engines... They come to pick this information, and - unknowingly - to attack victims. You can stop one of them, but can't stop them all. You can find out what their orders are, but you can't guess what these orders will be tomorrow, hidden somewhere in the abyss of not yet explored cyberspace. Your private army, close at hand, picking orders you left for them on their way. You exploit them without having to compromise them. They do what they are designed for, and they do their best to accomplish it. Welcome to the new reality, where our A.I. machines can rise against us."
That's a far more serious security issue to keep an eye on, instead of Google's crawlers eating your web site for breakfast.
Tags:
Google,
Google Hacking,
Information Security,
Search Engine,
Security,
SiteAdvisor,
Web Crawler
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Shots From the Wild - Terrorism Information Awareness Program Demo Portal
A lot has changed since my last post on "Data mining, terrorism and security", namely NSA's warrantless surveillance efforts. So, in the spirit of a second possible NSA facility, I've decided to post a shot from the TIA's early stages of development obtained though the most detailed, conceptual, and from a developer's point of view description of the program.
There've also been speculations on the severity of NSA wiretapping program compared to the Watergate scenario, while I feel that besides political engineering through infowar, it also occurs relatively more often over a juicy barbecue.
Related resources on Intelligence, NSA, Surveillance, Wiretapping.
There've also been speculations on the severity of NSA wiretapping program compared to the Watergate scenario, while I feel that besides political engineering through infowar, it also occurs relatively more often over a juicy barbecue.
Related resources on Intelligence, NSA, Surveillance, Wiretapping.
Tags:
Data Mining,
Eavesdropping,
Information Security,
Security,
Social Network Analysis,
Surveillance,
TIA,
Total Information Awareness,
Wiretapping
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Monday, June 26, 2006
Dealing with Spam - The O'Reilly.com Way
While China feels that centralization is the core of everything, and is licensing the use of mail servers to fight spam, thus totally ignoring the evolution of spam techniques, the other day I came across to some recent Spam Statistics from Oreilly.com -- scary numbers!
"Our mail servers accepted 1,438,909 connections, attempting to deliver 1,677,649 messages. We rejected 1,629,900 messages and accepted only 47,749 messages. That's a ratio of 1:34 accepted to rejected messages! Here is how the message rejections break down:
Bad HELO syntax: 393284
Sending mail server masquerades as our mail server: 126513
Rejected dictionary attacks: 22567
Rejected by SORBS black list: 262967
Rejected by SpamHaus black list: 342495
Rejected by local block list: 5717
Sender verify failed: 4525
Recipient verify failed (bad To: address): 287457
Attempted to relay: 5857
No subject: 176
Bad header syntax: 0
Spam rejected (score => 10): 42069
Viruses/malware rejected: 2575
Bad attachments rejected: 1594"
Draw up the conclusions for yourself, besides shooting into the dark or general syntax errors, total waste of email traffic resulting in delayed email is the biggest downsize here, thankfully, non-commercial methods are still capable of dealing with the problem. At the bottom line, sending a couple of million email messages on the cost of anything, and getting a minor response from a "Hey this is hell of a deal and has my username on the top of it!" type of end users seems to keep on motivating the sender. Localized spam is much more effective as an idea, but much easier to trace compared to mass-marketing approaches, though I feel it would emerge with the time.
Browse through Spamlinks.net for anything anti-spam related, quite an amazing resource.
"Our mail servers accepted 1,438,909 connections, attempting to deliver 1,677,649 messages. We rejected 1,629,900 messages and accepted only 47,749 messages. That's a ratio of 1:34 accepted to rejected messages! Here is how the message rejections break down:
Bad HELO syntax: 393284
Sending mail server masquerades as our mail server: 126513
Rejected dictionary attacks: 22567
Rejected by SORBS black list: 262967
Rejected by SpamHaus black list: 342495
Rejected by local block list: 5717
Sender verify failed: 4525
Recipient verify failed (bad To: address): 287457
Attempted to relay: 5857
No subject: 176
Bad header syntax: 0
Spam rejected (score => 10): 42069
Viruses/malware rejected: 2575
Bad attachments rejected: 1594"
Draw up the conclusions for yourself, besides shooting into the dark or general syntax errors, total waste of email traffic resulting in delayed email is the biggest downsize here, thankfully, non-commercial methods are still capable of dealing with the problem. At the bottom line, sending a couple of million email messages on the cost of anything, and getting a minor response from a "Hey this is hell of a deal and has my username on the top of it!" type of end users seems to keep on motivating the sender. Localized spam is much more effective as an idea, but much easier to trace compared to mass-marketing approaches, though I feel it would emerge with the time.
Browse through Spamlinks.net for anything anti-spam related, quite an amazing resource.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Big Brother in the Restroom
Wikes! This is nasty, and while the porn industry has commercialized the idea a long time ago, I never imagined the levels of crime in public restrooms would "reach" levels requiring CCTVs to be installed -- if there's so much vandalism going on in public restrooms, these will definitely get stolen as well, picture the situation! Norway installs surveillance cameras in park restrooms.
Hint : once you get involved in the CCTV irony, I say irony mainly because the dude behind the 40 motion detection and face recognition wall is having another CCTV behind his back, you end up spending tax payers money to cover "blind spots", and end up with a negative ROI while trying to achieve self-regulation, if one matters!
Surveillance and Society's journal still remains the most resourceful publication on surveillance studies and its impact on society.
Further reading and previous cases:
The Hidden Camera
Iowa Judge Says Hidden Restroom Camera Case Can Proceed to Trial
Hint : once you get involved in the CCTV irony, I say irony mainly because the dude behind the 40 motion detection and face recognition wall is having another CCTV behind his back, you end up spending tax payers money to cover "blind spots", and end up with a negative ROI while trying to achieve self-regulation, if one matters!
Surveillance and Society's journal still remains the most resourceful publication on surveillance studies and its impact on society.
Further reading and previous cases:
The Hidden Camera
Iowa Judge Says Hidden Restroom Camera Case Can Proceed to Trial
Tags:
Anonymity,
Big Brother,
CCTV,
Censorship,
Free Speech,
Information Security,
Internet Censorship,
Privacy,
Security
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
World's Internet Censorship Map
While it seems rather quiet on the Internet's censorship front, the media coverage on the topic represents a cyclical buzz that reemerges with the time.
Thankfully, initiatives as the OpenNet one, and organizations such as Reporters Without Borders never stop being the society's true watchdogs when it comes to Internet censorship. ONI's neat visualization of the Internet filtering map is a great way of pin pointing key locations, and provide further details through their in-depth reports, take a look for yourself!
Censorship is capable of running entire governments, maintaining historical political power, and mostly ruling by "excluding the middle". Recently, two of China's leading Internet portals were shut down due to maintenance issues acting as the excuse for improving their filtering capabilities. Reporters Without Borders conducted an outstanding analysis of the situation, coming to the conclusion "that the search engines of China’s two leading Internet portals, Sina and Sohu, after they were shut down from 19 to 21 June for what they described as a “technical upgrade” but which in fact was designed to improve the filtering of their search results."
What is Google up to? Making business compromises in order to harness the power of the growing Chinese Internet population. And while the Wall is cracking from within, the world is also taking actions against the fact that there're currently 30 journalists behind bars in China.
Thankfully, initiatives as the OpenNet one, and organizations such as Reporters Without Borders never stop being the society's true watchdogs when it comes to Internet censorship. ONI's neat visualization of the Internet filtering map is a great way of pin pointing key locations, and provide further details through their in-depth reports, take a look for yourself!
Censorship is capable of running entire governments, maintaining historical political power, and mostly ruling by "excluding the middle". Recently, two of China's leading Internet portals were shut down due to maintenance issues acting as the excuse for improving their filtering capabilities. Reporters Without Borders conducted an outstanding analysis of the situation, coming to the conclusion "that the search engines of China’s two leading Internet portals, Sina and Sohu, after they were shut down from 19 to 21 June for what they described as a “technical upgrade” but which in fact was designed to improve the filtering of their search results."
What is Google up to? Making business compromises in order to harness the power of the growing Chinese Internet population. And while the Wall is cracking from within, the world is also taking actions against the fact that there're currently 30 journalists behind bars in China.
Tags:
Anonymity,
Censorship,
Free Speech,
Information Security,
Internet Censorship,
Privacy,
Reporters Without Borders,
Security
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Sunday, June 25, 2006
Delicious Information Warfare - 13/24 June
Brief summaries of key events for the last week and a half, catch up with previous ones as well. I intend to continue sharing my daily reads while emphasizing on the big picture, and emerging trends. Great quote courtesy of the The Royal Swedish Academy of War Sciences : “The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data. It’s all just electrons. . . . There’s a war out there . . . and it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think, it’s all about information.”
01. Eyeballing North Korean Missile Launch Furor - "Latest satellite photo coverage and description of the launch site facilities." to Military Satellite Reconnaissance GEOINT ... on 25 June
02. VoIP wiretapping could lead to more problems - "Requiring Internet service providers to respond in real time to requests for them to record VoIP calls would open up the Internet to new vulnerabilities, Whitfield Diffie added." to Intelligence Terrorism Wiretapping CALEA VoIP on 25 June
03. Police arrest two in Japan data theft case - "Blackmailers attempted to extort almost $90,000 from one of Japan's largest phone companies by threatening to reveal a leak of private data belonging to four million customers before a major shareholder meeting." to Espionage Insider Investing on 25 June
04. Kevin Mitnick, the great pretender - "ZDNet UK caught up with the ex-cracker to discuss developments in social engineering, new U.S. laws monitoring telephone systems and alleged "NASA hacker" Gary McKinnon's impending extradition to the United States." to Security Interview on 25 June
05. Data-Theft Worm Targets Google's Orkut - "Now, however, the infection will pop up a message telling you your data is being mailed off someplace, before sending you to the Orkut site." to Malware Web on 25 June
06. French Microsoft Web site hacked - "Hackers on Sunday broke into a part of Microsoft's French Web site, replacing the front page with online graffiti." to Hacktivism Microsoft Defacement on 25 June
07. SCADA industry debates flaw disclosure - "The guys who are setting up these systems are not security professionals. And many of the systems that are running SCADA applications were not designed to be secure--it's a hacker's playground."
to Security SCADA Cyberterrorism Vulnerabilities on 25 June
08. Details emerge on second potential NSA facility - "The room had a sophisticated set of double security doors, known as a "mantrap," and any engineer who worked inside required extensive security clearances." to Intelligence NSA Terrorism Surveillance Wiretapping on 25 June
09. Next-Gen Bank Trojans Are Upon Us - "The 3G Banking Trojan can steal your info and then siphon your account of its cash. The 3G Banking Trojan began with the "Win32.Grams" piece of malware, which first appeared in 2004."to Malware on 25 June
10. Malware authors eyeing Web-based applications - "As Web-based services grow increasingly popular, industry experts say users should brace for more of these threats." to Malware Web on 25 June
11. Stratcom leads DOD cyberdefense efforts - “Unfortunately for us, cyberterrorism is cheap, and it’s fast,” Kehler said. “Today’s terrorist moves at the speed of information.” to Defense InformationWarfare Cyberterrorism on 25 June
12. Text Messaging Used as Malware Lure - "Botnet herders have found a crafty new way to lure computer users to maliciously rigged Web sites—via text messaging on cell phones." to Malware Mobile on 25 June
13. Two China Search Sites Shut - "Censorship or maintenance? That’s the question after two Chinese search engines shut down temporarily." to China Censorship FreeSpeech on 25 June
14. Web services increasingly under attack - "As larger audiences flock to Web sites that run on ever more powerful programming scripts, malware writers are them fertile ground." to Security Malware Web on 25 June
15. What's the Endpoint of Endpoint Security? - "Finally, there’s a more manipulative progenitor of new jargon: the analyst community. White papers, market reports and mystical squares can get crowded, and the big vendors often dominate them."
to Security Investing Advertising Leadership on 25 June
16. Expatriates in Canada pressured to spy - "Despite strong warnings from the government of Canada, certain countries continue to use their intelligence services to manipulate and exploit expatriate communities in Canada," CSIS said." to Intelligence OSINT Espionage on 25 June
17. Review: Terror On The Internet - "Terror on the Internet" usefully outlines the basic contours of his subject, giving a taste of Al Qaeda's Internet rhetoric and strategies, along with those of less well-known militant groups from Colombia to the Basque country to Chechnya." to InformationWarfare Cyberterrorism Terrorism PSYOPS on 25 June
18. Web of terror - "The suspects reportedly became radicalized through militant Web sites and received online advice from Younis Tsouli, the Britain-based Webmaster for Islamic extremist sites who called himself "Terrorist 007," before he was arrested late last year." to InformationWarfare Cyberterrorism Terrorism PSYOPS Web on 25 June
01. Eyeballing North Korean Missile Launch Furor - "Latest satellite photo coverage and description of the launch site facilities." to Military Satellite Reconnaissance GEOINT ... on 25 June
02. VoIP wiretapping could lead to more problems - "Requiring Internet service providers to respond in real time to requests for them to record VoIP calls would open up the Internet to new vulnerabilities, Whitfield Diffie added." to Intelligence Terrorism Wiretapping CALEA VoIP on 25 June
03. Police arrest two in Japan data theft case - "Blackmailers attempted to extort almost $90,000 from one of Japan's largest phone companies by threatening to reveal a leak of private data belonging to four million customers before a major shareholder meeting." to Espionage Insider Investing on 25 June
04. Kevin Mitnick, the great pretender - "ZDNet UK caught up with the ex-cracker to discuss developments in social engineering, new U.S. laws monitoring telephone systems and alleged "NASA hacker" Gary McKinnon's impending extradition to the United States." to Security Interview on 25 June
05. Data-Theft Worm Targets Google's Orkut - "Now, however, the infection will pop up a message telling you your data is being mailed off someplace, before sending you to the Orkut site." to Malware Web on 25 June
06. French Microsoft Web site hacked - "Hackers on Sunday broke into a part of Microsoft's French Web site, replacing the front page with online graffiti." to Hacktivism Microsoft Defacement on 25 June
07. SCADA industry debates flaw disclosure - "The guys who are setting up these systems are not security professionals. And many of the systems that are running SCADA applications were not designed to be secure--it's a hacker's playground."
to Security SCADA Cyberterrorism Vulnerabilities on 25 June
08. Details emerge on second potential NSA facility - "The room had a sophisticated set of double security doors, known as a "mantrap," and any engineer who worked inside required extensive security clearances." to Intelligence NSA Terrorism Surveillance Wiretapping on 25 June
09. Next-Gen Bank Trojans Are Upon Us - "The 3G Banking Trojan can steal your info and then siphon your account of its cash. The 3G Banking Trojan began with the "Win32.Grams" piece of malware, which first appeared in 2004."to Malware on 25 June
10. Malware authors eyeing Web-based applications - "As Web-based services grow increasingly popular, industry experts say users should brace for more of these threats." to Malware Web on 25 June
11. Stratcom leads DOD cyberdefense efforts - “Unfortunately for us, cyberterrorism is cheap, and it’s fast,” Kehler said. “Today’s terrorist moves at the speed of information.” to Defense InformationWarfare Cyberterrorism on 25 June
12. Text Messaging Used as Malware Lure - "Botnet herders have found a crafty new way to lure computer users to maliciously rigged Web sites—via text messaging on cell phones." to Malware Mobile on 25 June
13. Two China Search Sites Shut - "Censorship or maintenance? That’s the question after two Chinese search engines shut down temporarily." to China Censorship FreeSpeech on 25 June
14. Web services increasingly under attack - "As larger audiences flock to Web sites that run on ever more powerful programming scripts, malware writers are them fertile ground." to Security Malware Web on 25 June
15. What's the Endpoint of Endpoint Security? - "Finally, there’s a more manipulative progenitor of new jargon: the analyst community. White papers, market reports and mystical squares can get crowded, and the big vendors often dominate them."
to Security Investing Advertising Leadership on 25 June
16. Expatriates in Canada pressured to spy - "Despite strong warnings from the government of Canada, certain countries continue to use their intelligence services to manipulate and exploit expatriate communities in Canada," CSIS said." to Intelligence OSINT Espionage on 25 June
17. Review: Terror On The Internet - "Terror on the Internet" usefully outlines the basic contours of his subject, giving a taste of Al Qaeda's Internet rhetoric and strategies, along with those of less well-known militant groups from Colombia to the Basque country to Chechnya." to InformationWarfare Cyberterrorism Terrorism PSYOPS on 25 June
18. Web of terror - "The suspects reportedly became radicalized through militant Web sites and received online advice from Younis Tsouli, the Britain-based Webmaster for Islamic extremist sites who called himself "Terrorist 007," before he was arrested late last year." to InformationWarfare Cyberterrorism Terrorism PSYOPS Web on 25 June
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Travel Without Moving - Erasmus Bridge
Catching up with last week's Travel Without Moving shot, this one isn't intelligence of military related, but a marvelous engineering achievement, Erasmus Bridge -- perhaps the perfect moment to demonstrate my amateur photographer skills while tripping around. I will definitely share more shots from cons and life, the way I experience it, anytime now. And meanwhile, you can take a peek at the latest addition to the Eyeball Series, the North Korean Missile Launch Furor -- catching up with a conventional weaponry doctrine is anything else but a milestone.
Google Earth and Google Maps continue making the headlines as a "threat" to national security, where the key points remain the balancing of satellite reconnaissance capabilities between developed and developing nations, the freshness of the data, and it's quality. Sensitive locations can indeed be spotted, and then again, so what? And, with the launch of Geoportail.fr the French government aims at achieving transparency, rather than overhyping this common sense "insecurity".
Google Earth and Google Maps continue making the headlines as a "threat" to national security, where the key points remain the balancing of satellite reconnaissance capabilities between developed and developing nations, the freshness of the data, and it's quality. Sensitive locations can indeed be spotted, and then again, so what? And, with the launch of Geoportail.fr the French government aims at achieving transparency, rather than overhyping this common sense "insecurity".
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Saturday, June 24, 2006
No Other Place Like 127.0.0.1
Sincere apologies for the sudden disappearance, but thanks for the interest even though I haven't been active for the last week due to quality offline activities. No other place like 127.0.0.1, and the smell of an untouched by human hand, Cold War era postage stamps glue on my high value collections -- I do own several "stamp anomalies".
Collecting postage stamps is a challenging hobby for a teenager to have, mostly because of his usually low income, and this rather expensive hobby.The solution in my case back then, was bargaining while reselling ancient coins and purchasing postage stamps through the margins.While every collection has its story on how I acquired it, perhaps the most important thing I realized back then was that, if you don't respect something, sooner or later you're going to lose it to someone with a better attitude towards it.
Posting will resume shortly, a lot has happened for a week, and the only thing I pretend I'm not good at is wasting my time. As a matter of fact, I've got some very nice comments out of a presentation held at the University of Dresden, Germany, regarding my Future trends of malware research.
Collecting postage stamps is a challenging hobby for a teenager to have, mostly because of his usually low income, and this rather expensive hobby.The solution in my case back then, was bargaining while reselling ancient coins and purchasing postage stamps through the margins.While every collection has its story on how I acquired it, perhaps the most important thing I realized back then was that, if you don't respect something, sooner or later you're going to lose it to someone with a better attitude towards it.
Posting will resume shortly, a lot has happened for a week, and the only thing I pretend I'm not good at is wasting my time. As a matter of fact, I've got some very nice comments out of a presentation held at the University of Dresden, Germany, regarding my Future trends of malware research.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Tuesday, June 13, 2006
Web Application Email Harvesting Worm
This is a rare example of a web application vulnerability worm, targeting one of the most popular free email providers by harvesting emails within their 1GB mailboxes, and of course propagating further.
"Yahoo! on Monday has repaired a vulnerability in its email service that allowed a worm to harvest email addresses from a user accounts and further spread itself. The JS/Yamanner worm automatically executes when a user opens the message in the Yahoo Mail service. It uses JavaScript to exploit a flaw that until today was unpatched. Yahoo later on Monday fixed the vulnerability. "We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo! Mail customers, and requires no additional action on the part of the user," Yahoo! spokeswoman Kelley Podboy said in an emailed statement."
Web application worms have the potential to dominate the malware threatscape given the amount of traffic their platforms receive, my point is that even within a tiny timeframe like this, one could achieve speed and efficiency like we've only seen in single-packet worms.
In a previous post related to the "Current State of Web Application Worms", you can also find more comments and resources on the topic. Rather defensive, the content spoofing exploiting the trust between the parties that I mentioned is nothing compared to the automated harvesting in this case. As there's naturally active research done in Bluetooth honeypots, IM honeypots, ICQ honeypots, Google Hacking honeypots, it's about time to start seeding your spam trap emails within free email providers or social networking providers.
The stakes are too high not to be exploited in one way or another, I hope we'll some day get surprised by a top web property coming up with a fixed vulnerability on their own. Realizing the importance of their emerging position as attack vector for malware authors is yet another issue to keep in mind. And the best part about web services is their push patching approach, you're always running the latest version, so relaying on end users is totally out of the question.
Find out more details on the worm, and comments as well.
UPDATE: Rather active month when it comes web application malware events, another Data-Theft Worm Targets Google's Orkut.
"Yahoo! on Monday has repaired a vulnerability in its email service that allowed a worm to harvest email addresses from a user accounts and further spread itself. The JS/Yamanner worm automatically executes when a user opens the message in the Yahoo Mail service. It uses JavaScript to exploit a flaw that until today was unpatched. Yahoo later on Monday fixed the vulnerability. "We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo! Mail customers, and requires no additional action on the part of the user," Yahoo! spokeswoman Kelley Podboy said in an emailed statement."
Web application worms have the potential to dominate the malware threatscape given the amount of traffic their platforms receive, my point is that even within a tiny timeframe like this, one could achieve speed and efficiency like we've only seen in single-packet worms.
In a previous post related to the "Current State of Web Application Worms", you can also find more comments and resources on the topic. Rather defensive, the content spoofing exploiting the trust between the parties that I mentioned is nothing compared to the automated harvesting in this case. As there's naturally active research done in Bluetooth honeypots, IM honeypots, ICQ honeypots, Google Hacking honeypots, it's about time to start seeding your spam trap emails within free email providers or social networking providers.
The stakes are too high not to be exploited in one way or another, I hope we'll some day get surprised by a top web property coming up with a fixed vulnerability on their own. Realizing the importance of their emerging position as attack vector for malware authors is yet another issue to keep in mind. And the best part about web services is their push patching approach, you're always running the latest version, so relaying on end users is totally out of the question.
Find out more details on the worm, and comments as well.
UPDATE: Rather active month when it comes web application malware events, another Data-Theft Worm Targets Google's Orkut.
Tags:
Information Security,
Malicious Software,
New Media,
Security,
Web 2.0,
Web Application Worm,
Yahoo
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Consolidation, or Startups Popping out Like Mushrooms?
If technology is the enabler, and the hot commodity these days, spammers will definitely twist the concept of targeted marketing, while taking advantage of them. Last week I've mentioned the concepts of VoIP, WiFi and Cell phone spam that are slowly starting to take place.
Gartner recently expressed a (pricey) opinion on the upcoming consolidation of spam vendors, while I feel they totally ignored the technological revolution of spamming to come -- IPSec is also said to be dead by 2008..
"The current glut of anti-spam vendors is about to end, analysts at Gartner said Wednesday. But enterprises shouldn’t stay on the sidelines until the shakeout is over. By the end of the year, Gartner predicted, the current roster of about 40 vendors in the enterprise anti-spam filtering market will shrink to fewer than 10. As consolidation accelerates and as anti-spam technology continues to rapidly change, most of today’s vendors will be "left by the wayside," said Maurene Caplan Grey, a research director with Gartner, and one of two analysts who authored a recently-released report on the state of the anti-spam market."
The consequence of cheap hardware, HR on demand, angel investors falling from the sky on daily basis, and acquiring vendor licensed IP, would result in start ups popping up like mushrooms to cover the newly developed market segments, and some will stick it long enough not to get acquired given they realize they poses a core competency.
Sensor networks, spam traps, bayesian filters, all are holding the front, while we've getting used to "an acceptable level of spam", not the lack of it. What's emerging for the time being is the next logical stage, that's localized spam on native languages, and believe it or not, its gets through the filters, and impacts productivity, the major problem posed by spam.
SiteAdvisor -- I feel I'm almost acting as an evangelist of the idea -- recently responded to Scandoo's concept, by wisely starting to take advantage of their growing database, and provide the feature in email clients while protecting against phishing attacks. End users wouldn't consider insecure search by default in order to change their googling habits, they trust Google more than they would trust an extension, and they'd rather have to worry about Google abusing their click stream, compared to anything else. Anti-Phishing toolbars are a buzz, and it's nice to see the way they're orbiting around it.
Be a mushroom, don't look for an umbrella from day one!
Gartner recently expressed a (pricey) opinion on the upcoming consolidation of spam vendors, while I feel they totally ignored the technological revolution of spamming to come -- IPSec is also said to be dead by 2008..
"The current glut of anti-spam vendors is about to end, analysts at Gartner said Wednesday. But enterprises shouldn’t stay on the sidelines until the shakeout is over. By the end of the year, Gartner predicted, the current roster of about 40 vendors in the enterprise anti-spam filtering market will shrink to fewer than 10. As consolidation accelerates and as anti-spam technology continues to rapidly change, most of today’s vendors will be "left by the wayside," said Maurene Caplan Grey, a research director with Gartner, and one of two analysts who authored a recently-released report on the state of the anti-spam market."
The consequence of cheap hardware, HR on demand, angel investors falling from the sky on daily basis, and acquiring vendor licensed IP, would result in start ups popping up like mushrooms to cover the newly developed market segments, and some will stick it long enough not to get acquired given they realize they poses a core competency.
Sensor networks, spam traps, bayesian filters, all are holding the front, while we've getting used to "an acceptable level of spam", not the lack of it. What's emerging for the time being is the next logical stage, that's localized spam on native languages, and believe it or not, its gets through the filters, and impacts productivity, the major problem posed by spam.
SiteAdvisor -- I feel I'm almost acting as an evangelist of the idea -- recently responded to Scandoo's concept, by wisely starting to take advantage of their growing database, and provide the feature in email clients while protecting against phishing attacks. End users wouldn't consider insecure search by default in order to change their googling habits, they trust Google more than they would trust an extension, and they'd rather have to worry about Google abusing their click stream, compared to anything else. Anti-Phishing toolbars are a buzz, and it's nice to see the way they're orbiting around it.
Be a mushroom, don't look for an umbrella from day one!
Tags:
Gartner,
Information Security,
Investment Banking,
Phishing Toolbar,
Return On Investment,
Return On Security Investment,
ROI,
ROSI,
Scandoo,
Security,
SiteAdvisor
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Sunday, June 11, 2006
It's Getting Cloudy, and Delicious
For real. A brief summary of the instant links for the last two days :
01. Eight Indian Startups to Watch - "Some startups are offering unique solutions for India’s burgeoning domestic market, others are targeting global markets. Several are going after both. Red Herring has chosen a few below-the-radar young companies that we think are worth watching." - to Investing Technology India on june 10
02. 'Grand Theft Auto' Game Makers Settle With FTC - "A settlement has been reached with the companies behind the popular video game "Grand Theft Auto: San Andreas," Take-Two Interactive and subsidiary Rockstar Games, which were sued for deceptive practices over hidden sexual content in the game." - to Game Investing on june 10
03. Symbian dismisses smartphone security risk - "David Wood, executive vice president of research at Symbian, said on the Symbian website that smartphones only pose a security risk if companies ignore basic practical rules." - to Malware Symbian on june 10
04. AV management 2006 - "We have assembled a comprehensive range from the leading anti-virus products available in today’s market. During our testing, we began by checking the capacity of these respective offerings to cope with basic tasks." - to Security Malware AntiVirus on june 10
05. Zero-Day Exploits Abound at Legitimate Web Sites - "An exploit distribution network controlled by a single organization that was using a network of 40 Internet domains, each of which was linked to an average of 500 infected sites, for a total of roughly 20,000 Web pages forwarding the groups' attacks." - to 0day Vulnerabilities on june 10
06. Taiwan Faces Increasing Cyber Assaults - "A hacker managed to issue an e-mail attachment that contained a fake press release purportedly from the Military Spokesman’s Office describing a meeting between People’s First Party representatives and MND officials." - to InformationWarfare Cyberwarfare Taiwan China on june 10
07. Social- and Interactive-Television Applications Based on Real-Time Ambient-Audio Identification - "We showed how to sample the ambient sound emitted from a TV and automatically determine what is being watched from a small signature of the sound—all with complete privacy and minuscule effort." - to NewMedia Privacy Surveillance on june 10
08. The Evolution of In-Game Ads - "Marketed as a way to help game makers increase their bottom line or make specific titles more realistic, advertisers are continually searching for ways to reach new audiences—young males and beyond."- to Game Advertising ... on june 11
09. Risks of Keeping User Data Outweigh Benefits - "Large data troves are certain to become targets of hackers, identity thieves and unscrupulous insiders. As the raft of recent data breaches has shown, there are plenty of companies, organizations and government agencies that do a lousy job at securing data." - to Security on june 11
10. Protect Me, Protect My Data - "Companies that underestimate security threats to their records do so at their own peril. It can mean a loss of trust and of business." - to Security on june 11
11. Audit finds security weaknesses at NASA center - "The IG’s audit found other problems as well. System administrators also accessed a key server containing security information without adequate encryption and did not remove unnecessary services from the network." - to Security NASA on june 11
12. America's Most Stolen Vehicles - "The Cadillac Escalade had the highest theft claim rate overall, according to the HLDI, and was the most stolen SUV, according to the CCC 2004 stolen vehicle report." - to Security Theft on june 11
13. N Korea in 'US spy plane' warning - "North Korea says it will punish the US, after claiming it is conducting spying flights over its territorial waters." - to Intelligence Reconnaissance on june 11
14. McAfee SiteAdvisor to add site blocking, extend ratings beyond Web - "McAfee is planning enhancements to its recently acquired SiteAdvisor software that will allow the Web-rating application to block inappropriate Web sites, offer safety ratings for online transactions and rate Web links that appear in e-mail and IM windows. - to McAfee SiteAdvisor on june 11
15. Google and Ebay : The MBA Analysis - "In fact, as they researched the paper over the course of the year, the authors came to the conclusion that eBay had no choice but to ally with either Yahoo or Microsoft. Then the Journal reported as much, and the Yahoo/eBay deal went down." - to NewMedia Google Ebay on june 11
01. Eight Indian Startups to Watch - "Some startups are offering unique solutions for India’s burgeoning domestic market, others are targeting global markets. Several are going after both. Red Herring has chosen a few below-the-radar young companies that we think are worth watching." - to Investing Technology India on june 10
02. 'Grand Theft Auto' Game Makers Settle With FTC - "A settlement has been reached with the companies behind the popular video game "Grand Theft Auto: San Andreas," Take-Two Interactive and subsidiary Rockstar Games, which were sued for deceptive practices over hidden sexual content in the game." - to Game Investing on june 10
03. Symbian dismisses smartphone security risk - "David Wood, executive vice president of research at Symbian, said on the Symbian website that smartphones only pose a security risk if companies ignore basic practical rules." - to Malware Symbian on june 10
04. AV management 2006 - "We have assembled a comprehensive range from the leading anti-virus products available in today’s market. During our testing, we began by checking the capacity of these respective offerings to cope with basic tasks." - to Security Malware AntiVirus on june 10
05. Zero-Day Exploits Abound at Legitimate Web Sites - "An exploit distribution network controlled by a single organization that was using a network of 40 Internet domains, each of which was linked to an average of 500 infected sites, for a total of roughly 20,000 Web pages forwarding the groups' attacks." - to 0day Vulnerabilities on june 10
06. Taiwan Faces Increasing Cyber Assaults - "A hacker managed to issue an e-mail attachment that contained a fake press release purportedly from the Military Spokesman’s Office describing a meeting between People’s First Party representatives and MND officials." - to InformationWarfare Cyberwarfare Taiwan China on june 10
07. Social- and Interactive-Television Applications Based on Real-Time Ambient-Audio Identification - "We showed how to sample the ambient sound emitted from a TV and automatically determine what is being watched from a small signature of the sound—all with complete privacy and minuscule effort." - to NewMedia Privacy Surveillance on june 10
08. The Evolution of In-Game Ads - "Marketed as a way to help game makers increase their bottom line or make specific titles more realistic, advertisers are continually searching for ways to reach new audiences—young males and beyond."- to Game Advertising ... on june 11
09. Risks of Keeping User Data Outweigh Benefits - "Large data troves are certain to become targets of hackers, identity thieves and unscrupulous insiders. As the raft of recent data breaches has shown, there are plenty of companies, organizations and government agencies that do a lousy job at securing data." - to Security on june 11
10. Protect Me, Protect My Data - "Companies that underestimate security threats to their records do so at their own peril. It can mean a loss of trust and of business." - to Security on june 11
11. Audit finds security weaknesses at NASA center - "The IG’s audit found other problems as well. System administrators also accessed a key server containing security information without adequate encryption and did not remove unnecessary services from the network." - to Security NASA on june 11
12. America's Most Stolen Vehicles - "The Cadillac Escalade had the highest theft claim rate overall, according to the HLDI, and was the most stolen SUV, according to the CCC 2004 stolen vehicle report." - to Security Theft on june 11
13. N Korea in 'US spy plane' warning - "North Korea says it will punish the US, after claiming it is conducting spying flights over its territorial waters." - to Intelligence Reconnaissance on june 11
14. McAfee SiteAdvisor to add site blocking, extend ratings beyond Web - "McAfee is planning enhancements to its recently acquired SiteAdvisor software that will allow the Web-rating application to block inappropriate Web sites, offer safety ratings for online transactions and rate Web links that appear in e-mail and IM windows. - to McAfee SiteAdvisor on june 11
15. Google and Ebay : The MBA Analysis - "In fact, as they researched the paper over the course of the year, the authors came to the conclusion that eBay had no choice but to ally with either Yahoo or Microsoft. Then the Journal reported as much, and the Yahoo/eBay deal went down." - to NewMedia Google Ebay on june 11
Tags:
Cyber Warfare,
Information Security,
Information Security Market,
Information Warfare,
Security,
Security Industry
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Travel Without Moving - Georgi Markov's KGB Assassination Spot
In the spirit of the previous hot spot in the Travel Without Moving series, here's another one, this time Georgi Markov's KGB Assassination spot. Georgi Markov was killed in London, in 1978, using a tiny pellet fired from an umbrella containing 0.2 milligram dose of poison ricin.
You may also find this Time Out's briefing on London's espionage locations interesting.
You may also find this Time Out's briefing on London's espionage locations interesting.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Saturday, June 10, 2006
Going Deeper Underground
IT Security Goes Nuclear, at least that's what they say.
"Venture capitalists are predicting a "business boom below ground" as blue-chip companies turn to nuclear bunkers built at the height of the Cold War in the battle to protect sensitive electronic data. The latest private equity investor to move in on the area is Foresight Venture Partners, which has just taken a 20 per cent stake in The Bunker Secure Hosting."
But no matter how deep underground you are, you would still be providing an Internet connection given you're a hosting company. That's an open network, compared to a closed one which is more easy to control -- thick walls wouldn't matter when it comes to connectivity and insiders. It's logical for any data to be stated as secure in that type of environment, but an authorized/unauthorized "someone"will want to use and abuse it for sure.
VCs often exagerate to develop a market sector they somehow envision as profitable in the long term, the real issue is that, while the idea is very marketable, you cannon base future trends on this fact only. They'd better invest in market segments such as portable security solutions, or risk management companies such as Vontu and Reconnex, which I covered in a previous post related to insiders abuse.
"Venture capitalists are predicting a "business boom below ground" as blue-chip companies turn to nuclear bunkers built at the height of the Cold War in the battle to protect sensitive electronic data. The latest private equity investor to move in on the area is Foresight Venture Partners, which has just taken a 20 per cent stake in The Bunker Secure Hosting."
But no matter how deep underground you are, you would still be providing an Internet connection given you're a hosting company. That's an open network, compared to a closed one which is more easy to control -- thick walls wouldn't matter when it comes to connectivity and insiders. It's logical for any data to be stated as secure in that type of environment, but an authorized/unauthorized "someone"will want to use and abuse it for sure.
VCs often exagerate to develop a market sector they somehow envision as profitable in the long term, the real issue is that, while the idea is very marketable, you cannon base future trends on this fact only. They'd better invest in market segments such as portable security solutions, or risk management companies such as Vontu and Reconnex, which I covered in a previous post related to insiders abuse.
Tags:
Information Security,
Information Security Market,
Investment Banking,
Return On Investment,
Return On Security Investment,
ROI,
ROSI,
Security,
Security Industry
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
There You Go With Your Financial Performance Transparency
Truly amazing, and the inavitable consequence of communication retention in the financial sector, but I feel it's the magnitude that resulted in Enron's entire email communication achive that's seems available online right now.
"Search through more hundreds of thousands of email messages to and from 176 former Enron executives and employees from the power-trading operations in 2000-2002. For the first time, they are available to the public for free through the easy-to-use interface of the InBoxer Anti-Risk Appliance. Create a free account, and go to work. You can search for words, phrases, senders, recipients, and more."
The interesting part is how their ex-risk management provider is providing the data, in between fighting with the Monsters in Your Mailbox.
"Search through more hundreds of thousands of email messages to and from 176 former Enron executives and employees from the power-trading operations in 2000-2002. For the first time, they are available to the public for free through the easy-to-use interface of the InBoxer Anti-Risk Appliance. Create a free account, and go to work. You can search for words, phrases, senders, recipients, and more."
The interesting part is how their ex-risk management provider is providing the data, in between fighting with the Monsters in Your Mailbox.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
All Your Confidentiality Are Belong To Us
The proof that commercial and open source encryption has surpassed the technologies to police it, or the idea that privacy and business growth as top priorities would ruin the whole initiative?
"The Government has launched a public consultation into a draft code of practice for a controversial UK law that critics have said could alienate big business and IT professionals. Part III of the Regulation of Investigatory Powers Act 2000 (RIPA) will, as it stands, give police the authority to force organisations and individuals to disclose encryption keys. The Government issued the public consultation on the code of practice for Part III, which will regulate how police and the courts use powers under the legislation, on Wednesday."
It would be interesting to see how they would initiate the response from individuals, without raising the the eyebrows on the majority of civil liberties watch dogs out there and, of course, businessess. That's of course, assuming they use encryption at the first place. Could be much more "wiser" to take advantage of covert practices to obtain the necessary information, instead of "forcing" this measure -- detecting encrypted/covert communication channels is another topic. Moreover, compared to the Australian police whose capabilities of obtaining information on criminals include the use of spyware is a bit contraversial, but adaptave approach.
If national infrastructure security matters, have individuals and enterprises personally take care of their security and encryption keys, promote data encryption, instead of dictating the vibrations by slowing down the basics through such laws.
"The Government has launched a public consultation into a draft code of practice for a controversial UK law that critics have said could alienate big business and IT professionals. Part III of the Regulation of Investigatory Powers Act 2000 (RIPA) will, as it stands, give police the authority to force organisations and individuals to disclose encryption keys. The Government issued the public consultation on the code of practice for Part III, which will regulate how police and the courts use powers under the legislation, on Wednesday."
It would be interesting to see how they would initiate the response from individuals, without raising the the eyebrows on the majority of civil liberties watch dogs out there and, of course, businessess. That's of course, assuming they use encryption at the first place. Could be much more "wiser" to take advantage of covert practices to obtain the necessary information, instead of "forcing" this measure -- detecting encrypted/covert communication channels is another topic. Moreover, compared to the Australian police whose capabilities of obtaining information on criminals include the use of spyware is a bit contraversial, but adaptave approach.
If national infrastructure security matters, have individuals and enterprises personally take care of their security and encryption keys, promote data encryption, instead of dictating the vibrations by slowing down the basics through such laws.
Tags:
Anonymity,
Censorship,
Cryptography,
Encrypted Communication,
Encryption,
Information Security,
Internet Censorship,
Privacy,
RIPA,
Security
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Friday, June 09, 2006
Brace Yourself - AOL to Enter Security Business
In the re-emergence of the Web, AOL got the attention it never imagined it would get, Microsoft and Google fighting for a share of its modest, but strategic amount of eyeballs. After being an exclusive part of Time Warner's balance sheet since its early acquisition, and with a $510M fine, dial-up business that was profitable by the time telecoms started offering cable connections, due to the years of infrastructure renovation, the though to be mature online advertising model is what saved it. Now, AOL is basically putting half its leg into the red hot security market and wisely playing it safe as :
"AOL plans to expand into security services with the release of the Active Security Monitor, expected on Thursday. The program would also check to make sure Internet Explorer is properly configured to prevent security holes. "ASM determines a security score for your PC, and for all other PCs in your home network, by evaluating the status of all the major components needed for a robust system: Anti-Virus software, Anti-Spyware software, Firewall protection, Wireless Security, Operating System, Web Browser, Back up software and PC Optimization."
After the scoring, I presume it would "phone back home" and let AOL know what end users are mostly missing, then a solution provided by AOL, or a licensee would follow. Benchmarking against AOL's understanding of application based security is tricky, and I bet you already know the programs necessary to establish common sense security on your PC/network. Who's next to enter the security industry besides Microsoft and AOL, perhaps DoubleClick?
CNET has naturally reviewed the Active Security Monitor.
"AOL plans to expand into security services with the release of the Active Security Monitor, expected on Thursday. The program would also check to make sure Internet Explorer is properly configured to prevent security holes. "ASM determines a security score for your PC, and for all other PCs in your home network, by evaluating the status of all the major components needed for a robust system: Anti-Virus software, Anti-Spyware software, Firewall protection, Wireless Security, Operating System, Web Browser, Back up software and PC Optimization."
After the scoring, I presume it would "phone back home" and let AOL know what end users are mostly missing, then a solution provided by AOL, or a licensee would follow. Benchmarking against AOL's understanding of application based security is tricky, and I bet you already know the programs necessary to establish common sense security on your PC/network. Who's next to enter the security industry besides Microsoft and AOL, perhaps DoubleClick?
CNET has naturally reviewed the Active Security Monitor.
Tags:
Active Security Monitor,
AOL,
Information Security,
Information Security Market,
Return On Investment,
Return On Security Investment,
ROSI,
Security,
Security Industry
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Thursday, June 08, 2006
An Over-performing Spammer
Th3 4r7 0f $3nd!ng spam messages is evolving like never before, and while spammers are still catching up with the newest technologies such as VoIP, WiFi, Cell phones -- newest at least in respect to spamming -- trying to avoid the now mature indystry's practices, and taking advantage of the growing economies and their newbie users as victims, is what keeps it going.
I simply couldn't resist not to share this, seems like this spammer is totally overperforming himself. How would I fell a victim into this, given I cannot read what I'm about to get scammed with?
Spammers today are in a world of pain when it comes to the industry's experience in detecting their messages, still, spam continues to represent the majority of email traffic worldwide, and it's getting more creative. Images, "marketing" messages that you can barely read, old psychological tricks, but still, out of couple of million messages, someone still takes it personal, and feels like making a deal online.
Why spamming works? Because of the ubiquity of email, because of the freely available, marketed as fresh, email lists, and at the bottom line, the price for a spammer to send couple of million emails is getting lower with botnets on demand becoming a commodity. End users, end up sending spam to themselves for being infected with malware. What's next? Spamming is still catching up with the technological posibilities, and Chinese telecom operators for instance happen to be the most experienced ones in filtering mobile phones spam -- guess they're also over-performing in between censorship.
I simply couldn't resist not to share this, seems like this spammer is totally overperforming himself. How would I fell a victim into this, given I cannot read what I'm about to get scammed with?
Spammers today are in a world of pain when it comes to the industry's experience in detecting their messages, still, spam continues to represent the majority of email traffic worldwide, and it's getting more creative. Images, "marketing" messages that you can barely read, old psychological tricks, but still, out of couple of million messages, someone still takes it personal, and feels like making a deal online.
Why spamming works? Because of the ubiquity of email, because of the freely available, marketed as fresh, email lists, and at the bottom line, the price for a spammer to send couple of million emails is getting lower with botnets on demand becoming a commodity. End users, end up sending spam to themselves for being infected with malware. What's next? Spamming is still catching up with the technological posibilities, and Chinese telecom operators for instance happen to be the most experienced ones in filtering mobile phones spam -- guess they're also over-performing in between censorship.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Bedtime Reading - Rome Inc.
If the Baby Business helped you envision the future, "Rome Inc - The Rise and Fall of the First Multinational Corporation" is going to help you perceive the past within today's corporate culture -- and Stanley Bing makes good points on every stage of the empire.
Basically, the book emphasizes on the "first multinational corporation" Rome, selling the ultimate product of its time - citizenship. Moreover, it goes in-depth into the concept of moguls and anti-moguls, and how their tensions indeed create an enterpreneurial and corporate culture in 120 A.D.
Every industry has moguls and anti-moguls, the behind the curtain disruptors at a specific stage. What are some of the characteristics of a mogul?
- Commision their PR
- Exercise power when feeling endangered -- elephants against the mice warfare
- Indirectly control the media that's "winning points" for quotations, and "credible" content
- Generally, tend to believe in being the Sun, when the universe tends to have so many dwarfs, and dimensions altogether
- Hide behind C-level positions
- Talk more than actually listen
- When they sneeze the whole industry gets cold
Certain societies, if not all, get obsessed with superficially creating heroes, so profesionally that at a certain point, the "hero" cannot deny any of the praises, but starts living with them and the load that comes altogether. Get hold of this masterpiece, you're gonna love it!
Basically, the book emphasizes on the "first multinational corporation" Rome, selling the ultimate product of its time - citizenship. Moreover, it goes in-depth into the concept of moguls and anti-moguls, and how their tensions indeed create an enterpreneurial and corporate culture in 120 A.D.
Every industry has moguls and anti-moguls, the behind the curtain disruptors at a specific stage. What are some of the characteristics of a mogul?
- Commision their PR
- Exercise power when feeling endangered -- elephants against the mice warfare
- Indirectly control the media that's "winning points" for quotations, and "credible" content
- Generally, tend to believe in being the Sun, when the universe tends to have so many dwarfs, and dimensions altogether
- Hide behind C-level positions
- Talk more than actually listen
- When they sneeze the whole industry gets cold
Certain societies, if not all, get obsessed with superficially creating heroes, so profesionally that at a certain point, the "hero" cannot deny any of the praises, but starts living with them and the load that comes altogether. Get hold of this masterpiece, you're gonna love it!
Tags:
Bed Time Reading,
Growth Hacker,
Information Warfare,
New Media,
Online Advertising,
Online Marketing,
Security
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Tuesday, June 06, 2006
Phantom Planes in the Skies
I can barely imagine the panic with a non-responding -- can it respond when it's not there? -- plane in the sky, at least by the time a visual confirmation reveals the truth. In the post 9/11 world, airports were among the first strategic targets to get the funding necessary to protect against the threats fabricated in a think-tank somewhere. Money are wasted in this very same fashion on a daily basis, with no clear ROI, just established social responsibility and common sense security. Disinformation can always happen in sky, as "Flaw may lead to air chaos". From the article :
"Hackers armed with little more than a laptop could conjure up phantom planes on the screens of Australia's air traffic controllers using new radar technology, warns Dick Smith. The prominent businessman and aviator claims to have found another serious security flaw in the new software being introduced into the air traffic control system. He has challenged Transport Minister Warren Truss to allow him to set up a demonstration of the problem at a test of the technology in Queensland to show how hackers could exploit the automatic dependent surveillance broadcasting (ASD-B) system to create false readings on an air traffic controller's screen. The air space activist says he was told of the flaw by US Federal Aviation Administration staff."
Compared to a speculation I described in a previous post "Why's that radar screen not blinking over there?", these practices are highly natural to ELINT planes/warfare, and in the capabilities of experienced staff members as pointed out in the article. Everything is buggy, and so is the ASD-B system for sure, but the problem from my point of view, is the possibility for a "talkative leakage", and the procedures, if any, to internally report bugs like these, and get them fixed of course.
Phantom Warhawk image courtesy of Les Patterson.
"Hackers armed with little more than a laptop could conjure up phantom planes on the screens of Australia's air traffic controllers using new radar technology, warns Dick Smith. The prominent businessman and aviator claims to have found another serious security flaw in the new software being introduced into the air traffic control system. He has challenged Transport Minister Warren Truss to allow him to set up a demonstration of the problem at a test of the technology in Queensland to show how hackers could exploit the automatic dependent surveillance broadcasting (ASD-B) system to create false readings on an air traffic controller's screen. The air space activist says he was told of the flaw by US Federal Aviation Administration staff."
Compared to a speculation I described in a previous post "Why's that radar screen not blinking over there?", these practices are highly natural to ELINT planes/warfare, and in the capabilities of experienced staff members as pointed out in the article. Everything is buggy, and so is the ASD-B system for sure, but the problem from my point of view, is the possibility for a "talkative leakage", and the procedures, if any, to internally report bugs like these, and get them fixed of course.
Phantom Warhawk image courtesy of Les Patterson.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Where's my Fingerprint, Dude?
Personal data security breaches continue occurring, and with the trend towards evolving to a digital economy, it's inevitably going to get ever worse. In a recently revealed case "Lost IRS laptop stored employee fingerprints", from the article :
"A laptop computer containing fingerprints of Internal Revenue Service employees is missing, MSNBC.com has learned. The computer was lost during transit on an airline flight in the western United States, IRS spokesman Terry Lemon said. No taxpayer information was on the lost laptop, Lemon said. In all, the IRS believes the computer contained information on 291 employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth."
For the time being the largest accommodator of fingerprints in the world is the U.S.A, and this fact affects anyone that enters the U.S. My point is that, given the unregulated ways of classifying, storing, transfering and processing such type of information would result in its inavitable loss -- bad in-transfer security practices or plain simple negligence.
As we're also heading to a biometrics driven society, the impact of future data security breaches will go way beyond identity theft the way we know it -- lost and stolen voice patterns, DNAs, and iris snapshots would make the headlines. You might also be interested in knowing how close that type of "future scenario" really is given the modest genetic database of 3 million Americans already in existence.
Things are going to get very ugly, and it's not the privacy issue that bothers me, but the aggregation of such type of data at the first place, and who will get to steal it. It's perhaps the perfect market timing moment to start a portable security solution provider, or resell ones know-how under license, of course.
"A laptop computer containing fingerprints of Internal Revenue Service employees is missing, MSNBC.com has learned. The computer was lost during transit on an airline flight in the western United States, IRS spokesman Terry Lemon said. No taxpayer information was on the lost laptop, Lemon said. In all, the IRS believes the computer contained information on 291 employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth."
For the time being the largest accommodator of fingerprints in the world is the U.S.A, and this fact affects anyone that enters the U.S. My point is that, given the unregulated ways of classifying, storing, transfering and processing such type of information would result in its inavitable loss -- bad in-transfer security practices or plain simple negligence.
As we're also heading to a biometrics driven society, the impact of future data security breaches will go way beyond identity theft the way we know it -- lost and stolen voice patterns, DNAs, and iris snapshots would make the headlines. You might also be interested in knowing how close that type of "future scenario" really is given the modest genetic database of 3 million Americans already in existence.
Things are going to get very ugly, and it's not the privacy issue that bothers me, but the aggregation of such type of data at the first place, and who will get to steal it. It's perhaps the perfect market timing moment to start a portable security solution provider, or resell ones know-how under license, of course.
Tags:
Biometrics,
Data Breach,
Hacked Database,
Information Security,
Insider,
Insider Threat,
Internal Revenue Service,
IRS,
Security
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Sunday, June 04, 2006
Skype as the Attack Vector
It's often hard to actually measure the risk exposure to a threat, given how overhyped certain market segments/products' insecurities get with the time. Gartner, and the rest of the popular marketing research agencies seem to be obsessed with Skype as the major threat to enterprises, while Skype isn't really bad news, compliance is, in respect to VoIP, P2P, IM and Email communications retention or monitoring. From the article :
"The most recent bug in Skype is another clue to enterprises that they should steer clear of the VoIP service, research firm Gartner recently warned. Two weeks ago, Skype patched a critical vulnerability that could let an attacker send a file to another user without his or her consent, and potentially obtain access to the recipient's computer and data. This vulnerability follows three in 2005 (two high-risk, one low-risk) and highlights the risk of not establishing and implementing an enterprise policy for Skype," wrote Gartner research director Lawrence Orans in an online research note. "Because the Skype client is a free download, most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks."
There's a slight chance an enterprise isn't already blocking Skype, using both, commercial and public methods wherever applicable. Moreover, it would be much more feasible to consider the fact that, if the enterprise -- assuming a U.S one -- isn't blocking the use of Skype, it must somehow monitor/retain its use in order to comply with standard regulations. Skype poses the following problems :
- inability for the enterprise to retain the IM and VoIP sessions in accordence with regulations
- wasted bandwidth costing loss productivity and direct cash outflows, slowdown for critical network functions
- covert channels possibilities
Several months ago, Skype was also discussed as a command'n'control application for botnets, while steganography based communications and plain-simple encrypted/stripped IRCd sessions remain rather popular. Malware authors are actively looking for ways to avoid IRC given the popularity it has gained and the experience botnet hunters have these days.
Skype is the last problem to worry about, as in this very same way the recent vulnerabilities in major market leading AVs would have had a higher risk exposure factor as there's a greater chance of occurrence of malware, than a Skype vulnerability. It's the vulnerabilities in software in principle you have to learn how to deal with, and third-party applications that somehow make it on your company's network.
More resources :
Skype Security Evaluation
Silver Needle in the Skype
Skype Security and Privacy Concerns
Impact of Skype on Telecom Service Providers
"The most recent bug in Skype is another clue to enterprises that they should steer clear of the VoIP service, research firm Gartner recently warned. Two weeks ago, Skype patched a critical vulnerability that could let an attacker send a file to another user without his or her consent, and potentially obtain access to the recipient's computer and data. This vulnerability follows three in 2005 (two high-risk, one low-risk) and highlights the risk of not establishing and implementing an enterprise policy for Skype," wrote Gartner research director Lawrence Orans in an online research note. "Because the Skype client is a free download, most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks."
There's a slight chance an enterprise isn't already blocking Skype, using both, commercial and public methods wherever applicable. Moreover, it would be much more feasible to consider the fact that, if the enterprise -- assuming a U.S one -- isn't blocking the use of Skype, it must somehow monitor/retain its use in order to comply with standard regulations. Skype poses the following problems :
- inability for the enterprise to retain the IM and VoIP sessions in accordence with regulations
- wasted bandwidth costing loss productivity and direct cash outflows, slowdown for critical network functions
- covert channels possibilities
Several months ago, Skype was also discussed as a command'n'control application for botnets, while steganography based communications and plain-simple encrypted/stripped IRCd sessions remain rather popular. Malware authors are actively looking for ways to avoid IRC given the popularity it has gained and the experience botnet hunters have these days.
Skype is the last problem to worry about, as in this very same way the recent vulnerabilities in major market leading AVs would have had a higher risk exposure factor as there's a greater chance of occurrence of malware, than a Skype vulnerability. It's the vulnerabilities in software in principle you have to learn how to deal with, and third-party applications that somehow make it on your company's network.
More resources :
Skype Security Evaluation
Silver Needle in the Skype
Skype Security and Privacy Concerns
Impact of Skype on Telecom Service Providers
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Travel Without Moving - KGB Lubyanka Headquarters
Yet another hot spot in this week's Travel Without Moving series - this time it's Lubyanka Square's KGB Headquarters. There are still lots of Cold War sentiments in the air among yesterday's and today's super powers and you just can't deny it. Today's FSB, the successor to the KGB, is taking a very serious approach towards counter-intelligence, and offensive scientific intelligence practices in a much more synergetic relationship with the academic world compared to years ago. While the CIA is undisputably the most popular foreign intelligence agency, and more of a front end to the NSA itself from my point of view, the KGB still remains reponsible for very important and "silent" moments in the world's history.There were moments in the very maturity of the Cold War, when both, the CIA, and the KGB were on purposely disinforming their operatives in order to keep them motivated and fuel the tensions even more, but compared to the CIA with its technological know-how, KGB's HUMINT capababilities didn't get surpassed by technologies. Among the key success factors for the intelligence agency was the centralized nature of the command of chain, total empowerment, common and obsessive goal, and clear enemy.
Today's trends mostly orbit around :
- information sharing, that is less complexity among different departments and agencies
- win-win information sharing among nations
- offensive and defensive CYBERINT, harnessing the power, or protecting against the threats posed by the digital era
- automated and efficient mass surveillance practices- eliminating "safe heavens"
In case you really want to go in-depth into what has happened during the last couple of decades, Vasilli Mitrohih's KGB Archives are worth reading. And the true-retro gamers can take the role of "Captain Maksim Mikahilovich Rukov, recently transferred to the Department P from the GRU after three years' duty to investigate possible corruption inside the KGB (after a former agent turned private eye was found murdered). However, as the plot progresses, Rukov finds himself investigating a party hardliner anti-perestroika plot that threatens the life of General Secretary Mikhail Gorbachev" while playing KGB - Conspiracy game.
Today's trends mostly orbit around :
- information sharing, that is less complexity among different departments and agencies
- win-win information sharing among nations
- offensive and defensive CYBERINT, harnessing the power, or protecting against the threats posed by the digital era
- automated and efficient mass surveillance practices- eliminating "safe heavens"
In case you really want to go in-depth into what has happened during the last couple of decades, Vasilli Mitrohih's KGB Archives are worth reading. And the true-retro gamers can take the role of "Captain Maksim Mikahilovich Rukov, recently transferred to the Department P from the GRU after three years' duty to investigate possible corruption inside the KGB (after a former agent turned private eye was found murdered). However, as the plot progresses, Rukov finds himself investigating a party hardliner anti-perestroika plot that threatens the life of General Secretary Mikhail Gorbachev" while playing KGB - Conspiracy game.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Saturday, June 03, 2006
May's Security Streams
Here's May's summary of all the security streams during the month. This is perhaps among the few posts in which I can actually say something about the blog, the individual behind it, and its purpose, which is to - question, provoke, and inform on the big picture. After all, "I want to know God's thoughts... all the rest are details", one of my favorite Albert Einstein's quotes. The way we often talk about a false feeling of security, we can easily talk about a false feeling of blogging, and false feeling of existence altogether. It is often assumed that the more you talk, the more you know, which is exactly the opposite, those that talk know nothing, those that don't, they do. There's nothing wrong with that of refering to yourself, as enriching yourself through past experience helps you preserve your own unique existence, and go further. Awakening the full potential within a living entity is a milestone, while self preservation may limit the very development of a spirit -- or too much techno thrillers recently? :)
It's great to see that a knowledgeble audience has become a daily reality at this blog, it's never too late to meet new friends or their pseudo personalities. I've also included this month's stats area graph so you can get a grasp of the activity, go through past summaries for - January, February, March and April, in case your brain is hungry for more knowledge.
It is my opinion that the more uninformed the end user is, the less incentive for the vendors to innovate at the bottom line, and on the other hand, it is also easier for a vendor to put emphasize on current trends, instead of emerging ones -- which is what is going to add value to its propositonin the long-term. It's more profitable to treat the disease, instead of curing it. And while curing one doesn't mean curing all, it's a progress. So, I inform both sides and everyone in between. Information has never been free, but it wants to be free, so enjoy, syndicate, and keep yourself up-to-date with my perception on information warfare and information security, even when I'm not blogging, but just linking!
01. Biased Privacy Violation
While the site's niche segment has a lot of potential, I doubt it would scale enough to achieve its full effect. Providing Ex-couples with the microphone to express their attitudes is as quistionable as whether playing 3D shooters actually limits or increases violance.
02. Travel Without Moving - Typhoon Class Submarines
There're a lot of strategic security issues going beyond the information security market, and that is the defense and intelligence community's influence on the world. What used to be a restricted, or expensive practice, satellite imageryis today's Google Earth/Maps's service on a mass scale, anyone can zoom in front of the NSA. And as it's obvious you can spot things you can somehow define as sensitive locations though Google Earth/Maps, the question is so what? I've managed to dig quite some interesting locations I haven't seen posted anywhere and will be adding them shortly, feel free to suggest a spot if you have something in mind. The series in no way compete with the Eyeball-Series.org, though I wish.
03. The Current State of Web Application Worms
Web application worms, their potential and possible huge-scale impactis a topic that's rarely covered as an emerging trend by the mainstream media sources. On the other hand, over 200 words acticles on yet another malware variant going in depth into how the Internet is driving force for the E-commerce revolution, and how a ransomware pience of malware is changing this.The problem is rather serious due to the common type of web application vulnerabilities huge eyeball aggregators suffer from. Whether it's speed or infected population to use as a benchmarking tool, just like packet-type of worms, web application worms are foundamental for the creation of a Superworm beneath the AV sensor's radar.
04. Shaping the Market for Security Vulnerabilities Through Exploit Derivatives
Resoucesful post providing overview of the most recent developments inthe emerging market for software vulnerabilities, and the possibilityto secure future vulnerability releases. As Adam at Emergentchaos.com pointed out, the legality of such markets is among the cons of the idea, which is perhaps the time to consider the usability of markets for what's turning into a commodity - security vulnerabilities. The major problem which prompts for the need of such, is the current "private club" only vulnerability sharing practices among the infomediaries, but it can easily be argued that empowering vulnerability diggers, not researchers, isn't the smartest thing the community can do.
Vendors are often discussed as liable for the vulnerabilities in their software, but it's like blaming a dating service for not generating you dates, my point is that you cannot simply blame vendors for the vulnerabilities in their software as it would result in a major slowdown of innovation. Think about it, we all hate Bill Gates and use, while trying to avoid Microsoft's products pretty much everywhere, monocultures are bad, we'd better have half the Internet using MACs, and the other Windows so there would be an incentive and fair "allocation of resources" targeting both sides, as the plain truth is that malicious attackers aren't just attacking these days, they are gaining scale and becoming efficient. In a free market, where market forces invisibly shape and guide it, there's little room for socially oriented iniciatives like these. Today's software and technologies are shipped to get adapted, that's insecure ones we become dependent on, to later find out we have the live with their insecurities -- no one is perfect, and being all well-rounded is so boring at the bottom line.
If we were to start "thinking Security" everywhere, there wouldn't be anything left in respect to usability at the end of the day. And as I've pointed out in a previous post on valuing security, if security doesn't bring anything tangible, but prevents risks, that's the cornerstone of the problems arising with justifying expenditures. The Internet we've become so addicted and dependent on wasn't build with security in mind, but our conscious or subconscious marginal thinking gave us no choice, either live with the vulnerabilities and take advantage of its benefits, or stop using it at all. If we were to start thinking security first, there wouldn't be Internet at all, at least not in our lifetime. ISPs avoiding to take action on customers participating in botnets as they still haven't managed to find a way to commercialize the service, or Microsoft shipping its products in root mode and with all features turned on by default, are important points to keep in mind when refering to the practice of threatening and not curing deceases.
You cannot blame vendors for the security vulnerabilities in their software, you can blame them for the huge windows of opportunities their lack of action opens, and lack of overal commitment towards mitigating the threats posed by these, now, how you would you go to turn your day dreaming into a measurable metric, even come up with a benchmark is challenging -- a challenge ruined by the value of keeping an 0day, a truly 0day one.
05. The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
There you go with your fully realistic 1984 scenario, I wonder would the idea constitute mass surveillance and social networking analysis altogether. DIY alternatives are gaining popularity, and the cell phone industry doesn't really want to be perceived as an "exact location"provider, rather communication services. The excuse if it becomes habitual? Well, since there's no Cold War anymore -- just sentiments -- it's Terrorism today.
06. Snooping on Historical Click Streams
It was about time Google reposition itself as a search company, not as a new media one heading towards portalization. There's nothing wrong with the idea, the realityis they can never catch up with Yahoo -- and they shouldn't! Spending some time with the feature, and you will be able to verify most of your previous research findings, or come across to surprising ones. Do you trust Google and its geolocation services at the bottom line? I do.
07. Pass the Scissors
It's never too late to earn a buck for printing currency, even in times of inflation in between.
08. Is Bin Laden Lacking a Point?
Google trends point to Washington DC as the region with the highest interest in Bin Laden, not surprising isn't it? I feel the entire idea of an organizational hierarchy and Bin Laden on the top is an oudated thinking, but a marketable one forwarding the entire responsibility to one person, who at the end of day wouldn't have any choice but to accept it, even though he had nothing to do with something in particular. Leadership is critical, and so is possible successorship. An image is worth a thousand words in this case!
09. Pocket Anonymity
Harnesing the power of established brands in privacy, encryption and anonymity services and providing portability is a great idea, no doubt, but what I'm missing is a targeted market, a clear positioning, is it privacy or anonymity provider, as there's a huge difference between the two of these. A free alternative to the idea as well.
10. Travel Without Moving - Scratching the Floor
No comment, just awareness.
11. Terrorist Social Network Analysis
Seems like social network analysis practices apply to terrorist organizations as well, and why wouldn't they? As you can see, there isn't big of a different between a Fortune 500 organization, and a terrorist one, the only problem and downsize is the inability to take advantage of the momentum, historical findings out of data mining are useful for power point slides seeking further investment, and that's it.
12. Valuing Security and Prioritizing Your Expenditures
Reactive, Proactive, or Adaptive, what's your security strategy, and what's your return on security investment?
13. EMP Attacks - Electronic Domination in Reverse
Did you know that Stalin was aware of the U.S's A-bomb, even before Harry Truman was? -- the consequence of too much secrecy sometimes! EMP attacks get rarely discussed, yet today's portability of these and potential for chaos put them on the top of my watch list. There have been numerous ongoing Cybersecurity and critical infrastructure security exercies in the U.S for the last couple of years, and while military equipment goes through hardening process, Russia remains a key innovator whose capabilities have surpassed their own expectations. Cyber warfare is the next Revolution in Military Affairs, and it would be naive not to keep thinking of sneaky attacks, the weakest point in an IT and electronics dependent society.
14. Insider Competition in the Defense Industry
Where else, if not in the defense industry?
15. Techno Imperialism and the Effect of Cyberterrorism
Today's public perception of Cyberterrorism is so stereotyped, perhaps due to one basic reality - you cannot fight Cyberterrorism, the way you can blow up a cave in Afghanistan, and it's a big problem. While public accountability is easily achieved through Cybersecurity exercises, there isn't a better tool for propaganda, recruitment, communication and research than the Internet, and as you're about to find out, there are ongoing initiatives to crawl the Web for terrorist web sites, analyze terrorist speaking communication patters on web forums, and how encryption, flight simulator programs are an unseperable reality of the concept.
As the conspiracy theorist inside me is screaming, there used to be a speculation how Disney on purposely brainwashed the perception of UFOs in its content, to make it more user-friendly excuse, and put everyone who's talking the opposite turns into the usual "that's the guy that has seen them" unfavorable position. Today's coverage on Cyberterrorism doesn't provoke discussion, instead it always tries to communicate and question the credibility of the idea, with the usual scenarios relating to SCADA devices, terrorists melting down power plants and the rest of the science-fiction stories. In all my posts on Cyberterrorism, a topic I've been actively writing on, and following for some years, I always point out that terrorists are not rocket scientists unless we make them feel so -- or have benefits to think they are.
16. Travel Without Moving - Cheyenne Mountain Operations Center
Cheyenne Mountain Operations Center from Google Maps, and a summary of a report onGoogle Earth's security implications, I hope you'll manage to get your hands on, the way I did through a friend.
17. Nation Wide Google Hacking Initiative
I like the idea of auditing a nation's cyber space through Google Hacking, the only problem is communicating the value to public and to the companies/sites. What can be defined as sensitive information leaked through Google, and who's the attacker? Is it a script kiddie, a google hacker, a foreign intelligence personel, or foreign company conducting unethical competitive intelligence? Knowing, or at least theorizing on the possible adversaries will lead your auditing practices to an entirely new level.
18. Espionage Ghosts Busters
No government is comfortable with having to smile at Chinese people, or how their economy is evolving from supplier to manufacturer, still there isn't any serious ground for this case -- besides and uncomfortability issue.
19. Arabic Extremist Group Forum Messages' Characteristics
Great research on today's fully realistic scenario of terrorists communicating over the Web, the public one, as basic authentication would have stopped such automated approaches for sure. What can you actually find with that type of intelligence, real terrorists communications, or growing propaganda sentiments, in between pro-democratic individuals to be recruited?
20. The Current, Emerging, and Future State of Hacktivism
A very well researched dissertation, a lot of visionary thoughts while it goes back to the basics. It is doubtful whether hacktivism would cease to exist despite the for-profit malicious attacks these days, as anarchists, governments, patriots or script kiddies, they all have an opinion on how things should be.
21. Bedtime Reading - The Baby Business
What's a "better" kid, and why you don't need one? Controllable uncertainty can be exciting sometimes, but as always, life's too short to live with uncertainty!
22. Travel Without Moving - Korean Demilitarized Zone
A post with an emphasis on North Korea, which as a matter of fact got recently a decline from the U.S on two-way talks on whether the U.S would condemn their nuclear program. As I've pointed out, there are just looking for attention, while the U.S is sticking to six way talks only. Iran truly took advantage of the overly bad publicity for the U.S around the world.
23. Aha, a Backdoor!
A smart way to fuel growth in homeland security solutions is to be able to exempt publicly traded companies from reporting these activities, and with the SEC trying to achieve better transparency in its data reporting practies, it opens up a huge backdoor for enterprises to take advantage of, without any short-term accountability, or transparency requirements for the use of their stockholder's money. It's the corporate world!
24. Forgotten Security
Forgotten what if security plans on a possible assassination to be precise. It's a like a situationwhere a newly graduated wannabe marketer is asked to conduct a marketing research for a future release of a product, and he just opens his bag and brings out a textbook, and starts looking it up.
25. Delaying Yesterday's "0day" Security Vulnerability
Nothing groundbreaking as this is today's reality for everyone, and there isn't such thing as a true 0day vulnerability these days. Oday to who, to the media, to the underground, to the market, or to the researcher who's catching up with a week of backlog?
26. Who's Who in Cyber Warfare?
In the future the majority of Cyber wars would be waged by nations, and the maturity of their understanding of the concept, and actual capabilities is again going to put the masses as a hostage in between. Defensive or offensive motives behind further development, armies will be defeated, and battles will be won in Cyberspace -- whether by infowar guerilla-fighters, corporations, or nations is the beaty of this uncertain growing reality.
27. No Anti Virus Software, No E-banking For You
Great idea, lot's of revenues for the AV vendor, end users with a feeling of security, all looks and sounds great, but it isn't, as these are the basics. An AV solution doesn't mean you won't get hacked, your financial information stolen, and your home PC won't end up in a botnet, it means there's less chance for it to happen now. Is this campaign worth the publicity and in respect to retaining the bank's customers? I feel it is, but it's where the whole process of bank2customer safety practices communication begins.
28. Microsoft in the Information Security Market
McAfee and Symantec have greatly felt the pressure from Microsoft's ambitions, as they've simultaneously released information on their alternatives of OneCare, all-in-one security and PC tunning for the masses. Moreover, IP violation suits and the rest truly represent the threat, and while I don't see any, I avoid the fact that this is what the end user really needs. And with all the buzz about OneCare, Microsoft's distribution channels, channel partners and strategic partnerships, it would be hard for them to stop using OneCare in an year. That's why McAfee, and Symantec's releases of alternatives neatly ruined the pionner position Microsoft could have taken. Now it's the same old information security market, the one you're so comfortable with, McAfee and Symantec providing security solutions as their first priority, and Microsoft, positioned as a follower catching up. Smart move!
29. Covert Competitive Intelligence
With enterprises considering key extranet participants as potential attack vectors, and web-integration of backend systems as potential targets, insiders are benefiting from within. Dealing with "hackers", malware, firewalls configuration etc. is part of the problem of perimeter based and application based defense. Consider taking into consideration, organizational threats such as insiders, and figure out a cost-effective way of dealing with this hard to detect, measure and secure against threat.
30. The Global Security Challenge - Bring Your Know-How
How would you be more creative, knowing how much is your budget and trying to allocate it for the idea of allocating it, or coming up with the idea first and then trying to commercialize it? Budget allocation is a daily practice, but the way it empowers, the very same way it wastes resources, ones usually wrongly allocated.
Healthy Paranoia
I really feel you.
It's great to see that a knowledgeble audience has become a daily reality at this blog, it's never too late to meet new friends or their pseudo personalities. I've also included this month's stats area graph so you can get a grasp of the activity, go through past summaries for - January, February, March and April, in case your brain is hungry for more knowledge.
It is my opinion that the more uninformed the end user is, the less incentive for the vendors to innovate at the bottom line, and on the other hand, it is also easier for a vendor to put emphasize on current trends, instead of emerging ones -- which is what is going to add value to its propositonin the long-term. It's more profitable to treat the disease, instead of curing it. And while curing one doesn't mean curing all, it's a progress. So, I inform both sides and everyone in between. Information has never been free, but it wants to be free, so enjoy, syndicate, and keep yourself up-to-date with my perception on information warfare and information security, even when I'm not blogging, but just linking!
01. Biased Privacy Violation
While the site's niche segment has a lot of potential, I doubt it would scale enough to achieve its full effect. Providing Ex-couples with the microphone to express their attitudes is as quistionable as whether playing 3D shooters actually limits or increases violance.
02. Travel Without Moving - Typhoon Class Submarines
There're a lot of strategic security issues going beyond the information security market, and that is the defense and intelligence community's influence on the world. What used to be a restricted, or expensive practice, satellite imageryis today's Google Earth/Maps's service on a mass scale, anyone can zoom in front of the NSA. And as it's obvious you can spot things you can somehow define as sensitive locations though Google Earth/Maps, the question is so what? I've managed to dig quite some interesting locations I haven't seen posted anywhere and will be adding them shortly, feel free to suggest a spot if you have something in mind. The series in no way compete with the Eyeball-Series.org, though I wish.
03. The Current State of Web Application Worms
Web application worms, their potential and possible huge-scale impactis a topic that's rarely covered as an emerging trend by the mainstream media sources. On the other hand, over 200 words acticles on yet another malware variant going in depth into how the Internet is driving force for the E-commerce revolution, and how a ransomware pience of malware is changing this.The problem is rather serious due to the common type of web application vulnerabilities huge eyeball aggregators suffer from. Whether it's speed or infected population to use as a benchmarking tool, just like packet-type of worms, web application worms are foundamental for the creation of a Superworm beneath the AV sensor's radar.
04. Shaping the Market for Security Vulnerabilities Through Exploit Derivatives
Resoucesful post providing overview of the most recent developments inthe emerging market for software vulnerabilities, and the possibilityto secure future vulnerability releases. As Adam at Emergentchaos.com pointed out, the legality of such markets is among the cons of the idea, which is perhaps the time to consider the usability of markets for what's turning into a commodity - security vulnerabilities. The major problem which prompts for the need of such, is the current "private club" only vulnerability sharing practices among the infomediaries, but it can easily be argued that empowering vulnerability diggers, not researchers, isn't the smartest thing the community can do.
Vendors are often discussed as liable for the vulnerabilities in their software, but it's like blaming a dating service for not generating you dates, my point is that you cannot simply blame vendors for the vulnerabilities in their software as it would result in a major slowdown of innovation. Think about it, we all hate Bill Gates and use, while trying to avoid Microsoft's products pretty much everywhere, monocultures are bad, we'd better have half the Internet using MACs, and the other Windows so there would be an incentive and fair "allocation of resources" targeting both sides, as the plain truth is that malicious attackers aren't just attacking these days, they are gaining scale and becoming efficient. In a free market, where market forces invisibly shape and guide it, there's little room for socially oriented iniciatives like these. Today's software and technologies are shipped to get adapted, that's insecure ones we become dependent on, to later find out we have the live with their insecurities -- no one is perfect, and being all well-rounded is so boring at the bottom line.
If we were to start "thinking Security" everywhere, there wouldn't be anything left in respect to usability at the end of the day. And as I've pointed out in a previous post on valuing security, if security doesn't bring anything tangible, but prevents risks, that's the cornerstone of the problems arising with justifying expenditures. The Internet we've become so addicted and dependent on wasn't build with security in mind, but our conscious or subconscious marginal thinking gave us no choice, either live with the vulnerabilities and take advantage of its benefits, or stop using it at all. If we were to start thinking security first, there wouldn't be Internet at all, at least not in our lifetime. ISPs avoiding to take action on customers participating in botnets as they still haven't managed to find a way to commercialize the service, or Microsoft shipping its products in root mode and with all features turned on by default, are important points to keep in mind when refering to the practice of threatening and not curing deceases.
You cannot blame vendors for the security vulnerabilities in their software, you can blame them for the huge windows of opportunities their lack of action opens, and lack of overal commitment towards mitigating the threats posed by these, now, how you would you go to turn your day dreaming into a measurable metric, even come up with a benchmark is challenging -- a challenge ruined by the value of keeping an 0day, a truly 0day one.
05. The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
There you go with your fully realistic 1984 scenario, I wonder would the idea constitute mass surveillance and social networking analysis altogether. DIY alternatives are gaining popularity, and the cell phone industry doesn't really want to be perceived as an "exact location"provider, rather communication services. The excuse if it becomes habitual? Well, since there's no Cold War anymore -- just sentiments -- it's Terrorism today.
06. Snooping on Historical Click Streams
It was about time Google reposition itself as a search company, not as a new media one heading towards portalization. There's nothing wrong with the idea, the realityis they can never catch up with Yahoo -- and they shouldn't! Spending some time with the feature, and you will be able to verify most of your previous research findings, or come across to surprising ones. Do you trust Google and its geolocation services at the bottom line? I do.
07. Pass the Scissors
It's never too late to earn a buck for printing currency, even in times of inflation in between.
08. Is Bin Laden Lacking a Point?
Google trends point to Washington DC as the region with the highest interest in Bin Laden, not surprising isn't it? I feel the entire idea of an organizational hierarchy and Bin Laden on the top is an oudated thinking, but a marketable one forwarding the entire responsibility to one person, who at the end of day wouldn't have any choice but to accept it, even though he had nothing to do with something in particular. Leadership is critical, and so is possible successorship. An image is worth a thousand words in this case!
09. Pocket Anonymity
Harnesing the power of established brands in privacy, encryption and anonymity services and providing portability is a great idea, no doubt, but what I'm missing is a targeted market, a clear positioning, is it privacy or anonymity provider, as there's a huge difference between the two of these. A free alternative to the idea as well.
10. Travel Without Moving - Scratching the Floor
No comment, just awareness.
11. Terrorist Social Network Analysis
Seems like social network analysis practices apply to terrorist organizations as well, and why wouldn't they? As you can see, there isn't big of a different between a Fortune 500 organization, and a terrorist one, the only problem and downsize is the inability to take advantage of the momentum, historical findings out of data mining are useful for power point slides seeking further investment, and that's it.
12. Valuing Security and Prioritizing Your Expenditures
Reactive, Proactive, or Adaptive, what's your security strategy, and what's your return on security investment?
13. EMP Attacks - Electronic Domination in Reverse
Did you know that Stalin was aware of the U.S's A-bomb, even before Harry Truman was? -- the consequence of too much secrecy sometimes! EMP attacks get rarely discussed, yet today's portability of these and potential for chaos put them on the top of my watch list. There have been numerous ongoing Cybersecurity and critical infrastructure security exercies in the U.S for the last couple of years, and while military equipment goes through hardening process, Russia remains a key innovator whose capabilities have surpassed their own expectations. Cyber warfare is the next Revolution in Military Affairs, and it would be naive not to keep thinking of sneaky attacks, the weakest point in an IT and electronics dependent society.
14. Insider Competition in the Defense Industry
Where else, if not in the defense industry?
15. Techno Imperialism and the Effect of Cyberterrorism
Today's public perception of Cyberterrorism is so stereotyped, perhaps due to one basic reality - you cannot fight Cyberterrorism, the way you can blow up a cave in Afghanistan, and it's a big problem. While public accountability is easily achieved through Cybersecurity exercises, there isn't a better tool for propaganda, recruitment, communication and research than the Internet, and as you're about to find out, there are ongoing initiatives to crawl the Web for terrorist web sites, analyze terrorist speaking communication patters on web forums, and how encryption, flight simulator programs are an unseperable reality of the concept.
As the conspiracy theorist inside me is screaming, there used to be a speculation how Disney on purposely brainwashed the perception of UFOs in its content, to make it more user-friendly excuse, and put everyone who's talking the opposite turns into the usual "that's the guy that has seen them" unfavorable position. Today's coverage on Cyberterrorism doesn't provoke discussion, instead it always tries to communicate and question the credibility of the idea, with the usual scenarios relating to SCADA devices, terrorists melting down power plants and the rest of the science-fiction stories. In all my posts on Cyberterrorism, a topic I've been actively writing on, and following for some years, I always point out that terrorists are not rocket scientists unless we make them feel so -- or have benefits to think they are.
16. Travel Without Moving - Cheyenne Mountain Operations Center
Cheyenne Mountain Operations Center from Google Maps, and a summary of a report onGoogle Earth's security implications, I hope you'll manage to get your hands on, the way I did through a friend.
17. Nation Wide Google Hacking Initiative
I like the idea of auditing a nation's cyber space through Google Hacking, the only problem is communicating the value to public and to the companies/sites. What can be defined as sensitive information leaked through Google, and who's the attacker? Is it a script kiddie, a google hacker, a foreign intelligence personel, or foreign company conducting unethical competitive intelligence? Knowing, or at least theorizing on the possible adversaries will lead your auditing practices to an entirely new level.
18. Espionage Ghosts Busters
No government is comfortable with having to smile at Chinese people, or how their economy is evolving from supplier to manufacturer, still there isn't any serious ground for this case -- besides and uncomfortability issue.
19. Arabic Extremist Group Forum Messages' Characteristics
Great research on today's fully realistic scenario of terrorists communicating over the Web, the public one, as basic authentication would have stopped such automated approaches for sure. What can you actually find with that type of intelligence, real terrorists communications, or growing propaganda sentiments, in between pro-democratic individuals to be recruited?
20. The Current, Emerging, and Future State of Hacktivism
A very well researched dissertation, a lot of visionary thoughts while it goes back to the basics. It is doubtful whether hacktivism would cease to exist despite the for-profit malicious attacks these days, as anarchists, governments, patriots or script kiddies, they all have an opinion on how things should be.
21. Bedtime Reading - The Baby Business
What's a "better" kid, and why you don't need one? Controllable uncertainty can be exciting sometimes, but as always, life's too short to live with uncertainty!
22. Travel Without Moving - Korean Demilitarized Zone
A post with an emphasis on North Korea, which as a matter of fact got recently a decline from the U.S on two-way talks on whether the U.S would condemn their nuclear program. As I've pointed out, there are just looking for attention, while the U.S is sticking to six way talks only. Iran truly took advantage of the overly bad publicity for the U.S around the world.
23. Aha, a Backdoor!
A smart way to fuel growth in homeland security solutions is to be able to exempt publicly traded companies from reporting these activities, and with the SEC trying to achieve better transparency in its data reporting practies, it opens up a huge backdoor for enterprises to take advantage of, without any short-term accountability, or transparency requirements for the use of their stockholder's money. It's the corporate world!
24. Forgotten Security
Forgotten what if security plans on a possible assassination to be precise. It's a like a situationwhere a newly graduated wannabe marketer is asked to conduct a marketing research for a future release of a product, and he just opens his bag and brings out a textbook, and starts looking it up.
25. Delaying Yesterday's "0day" Security Vulnerability
Nothing groundbreaking as this is today's reality for everyone, and there isn't such thing as a true 0day vulnerability these days. Oday to who, to the media, to the underground, to the market, or to the researcher who's catching up with a week of backlog?
26. Who's Who in Cyber Warfare?
In the future the majority of Cyber wars would be waged by nations, and the maturity of their understanding of the concept, and actual capabilities is again going to put the masses as a hostage in between. Defensive or offensive motives behind further development, armies will be defeated, and battles will be won in Cyberspace -- whether by infowar guerilla-fighters, corporations, or nations is the beaty of this uncertain growing reality.
27. No Anti Virus Software, No E-banking For You
Great idea, lot's of revenues for the AV vendor, end users with a feeling of security, all looks and sounds great, but it isn't, as these are the basics. An AV solution doesn't mean you won't get hacked, your financial information stolen, and your home PC won't end up in a botnet, it means there's less chance for it to happen now. Is this campaign worth the publicity and in respect to retaining the bank's customers? I feel it is, but it's where the whole process of bank2customer safety practices communication begins.
28. Microsoft in the Information Security Market
McAfee and Symantec have greatly felt the pressure from Microsoft's ambitions, as they've simultaneously released information on their alternatives of OneCare, all-in-one security and PC tunning for the masses. Moreover, IP violation suits and the rest truly represent the threat, and while I don't see any, I avoid the fact that this is what the end user really needs. And with all the buzz about OneCare, Microsoft's distribution channels, channel partners and strategic partnerships, it would be hard for them to stop using OneCare in an year. That's why McAfee, and Symantec's releases of alternatives neatly ruined the pionner position Microsoft could have taken. Now it's the same old information security market, the one you're so comfortable with, McAfee and Symantec providing security solutions as their first priority, and Microsoft, positioned as a follower catching up. Smart move!
29. Covert Competitive Intelligence
With enterprises considering key extranet participants as potential attack vectors, and web-integration of backend systems as potential targets, insiders are benefiting from within. Dealing with "hackers", malware, firewalls configuration etc. is part of the problem of perimeter based and application based defense. Consider taking into consideration, organizational threats such as insiders, and figure out a cost-effective way of dealing with this hard to detect, measure and secure against threat.
30. The Global Security Challenge - Bring Your Know-How
How would you be more creative, knowing how much is your budget and trying to allocate it for the idea of allocating it, or coming up with the idea first and then trying to commercialize it? Budget allocation is a daily practice, but the way it empowers, the very same way it wastes resources, ones usually wrongly allocated.
Healthy Paranoia
I really feel you.
Tags:
Cyber Warfare,
Hacking,
Information Security,
Information Warfare,
Intelligence,
Intelligence Agency,
Intelligence Community,
OSINT,
Security
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Posts (Atom)