On the Insecurities of Sun Tanning

August 19, 2006
You definitely don't need a CISSP certificate to blog on this one, just make sure you don't forget that there should be a limit on everything, even the hugs on the beach.

AOL's Search Queries Data Mined

August 16, 2006
While one of AOL's searchers has already been publicly identified, enthusiasts are tinkering with, and scrolling through, the leaked and now publicly available search query data. Here's someone neatly data mining it and providing a useful summary of the top result sites and the top keywords. SEO Sleuth:

"was created out of the recently released AOL search data. Welcome to the AOL Keyword Analyser. This tool provides insights that have never before been publicly available on the web. I claim: First tool on the web as far as I know that allows you to view what keywords people searched for in search engines. First time you can see how much organic traffic each site gets from a search engine. First opportunity the public can see how many clicks individual SERPs get."

The results speak for themselves about the quality of the audience. Meanwhile, the EFF is, naturally, taking action.

Related posts:
Data mining, terrorism and security
Shots From the Wild - Terrorism Information Awareness Program Demo Portal

Bed Time Reading - Symbian OS Platform Security: Software Development Using the Symbian OS Security Architecture

August 12, 2006
Prr, did I hear someone start counting mobile malware samples, prr?

Try getting to know the OS itself, the main proof-of-concept facilitator behind today's constantly growing family of mobile malware. A review of this recommended bed time reading book:

"Symbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest versions incorporate an enhanced security architecture designed to protect the interests of consumers, network operators and software developers. The new security architecture of Symbian OS v9 is relevant to all security practitioners and will influence the decisions made by every developer that uses Symbian OS in the creation of devices or add-on applications. Symbian OS Platform Security covers the essential concepts and presents the security features with accompanying code examples. This introductory book highlights and explains:

* the benefits of platform security on mobile devices
* key concepts that underlie the architecture, such as the core principles of 'trust', 'capability' and data 'caging'
* how to develop on a secure platform using real-world examples
* an effective approach to writing secure applications, servers and plug-ins, using real-world examples
* how to receive the full benefit of sharing data safely between applications
* the importance of application certification and signing from the industry 'gatekeepers' of platform security
* a market-oriented discussion of possible future developments in the field of mobile device security"

Malware authors indeed have financial incentives to keep recompiling publicly available proof-of-concept mobile malware source code, and it's the phone's purchasing and identification features that are about to be abused directly, efficiently and automatically: opening a car with an SMS, opening a door with an SMS, purchasing over SMS or direct barcode scanning, mobile impersonation scams, harvesting the phone numbers of infected victims, as well as unknowingly interacting with premium numbers. And whereas there are more people on Earth with mobile phones than with PCs, it doesn't necessarily mean everyone has a smart phone -- perhaps Bill Gates' "remarkable" cash-on-the-poor proposition could soon undermine the $100 laptop one.

People are becoming more aware of the social engineering basics behind today's mobile malware, and running a mobile phone anti-virus would be nothing more than a marketer's dream come true -- end users positioning themselves as security-savvy buyers. Mobile operators tend to have a God's-eye view of their networks, so network-wide epidemics are far from reality; targeted attacks (events and places where the masses gather or pass by), and directly exploiting the lack of awareness in certain regions, could make an impact. South Korea's advances in mobile communications give its citizens more phone bandwidth than the average ADSL user, but I have yet to see this abused at a level going beyond the sophisticated impersonation scams going on all the time.

Worth taking your time to read this book; go through Chapter 1, "Why a Secure Platform?", which also covers the basics of mobile device security.

Related posts:
Privacy issues related to mobile and wireless Internet access
Digital forensics - efficient data acquisition devices
The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
Mobile Devices Hacking Through a Suitcase

Bed Time Reading - The Baby Business
Bed Time Reading - Rome Inc.

Anti Satellite Weapons

August 12, 2006
Continuing the discussion on the ongoing weaponization of space, and the consequently emerging space warfare arms race. Micro satellites directly matching other satellites' trajectories and taking advantage of highly concentrated energy in the form of lasers? For sure, but why bother damaging an entire reconnaissance satellite when you can basically spray its lenses to prevent it from performing its core function:

"But the ability to operate autonomously near another satellite could also be used for offensive purposes, says Theresa Hitchens of the Center for Defense Information in Washington DC, US. If an ANGELS-like satellite were sent towards another country's satellite, it could be used as a weapon, she says. "It’s not far fetched to think that you could equip such little satellites with radio frequency jammers or technologies to block image capability," she told New Scientist. For example, a mini satellite could spray paint on the lens of a satellite's camera in order to blind it, she says. "There's a huge potential for this to be used as an anti-satellite weapon of some sort."

Quite a creative space provocation, isn't it?

Related resources and posts:
Anti Satellite Weapons
Anti Satellite Weapons @ FAS
Is a Space Warfare arms race really coming?
Weaponizing Space and the Emerging Space Warfare Arms Race

China's Internet Censorship Report 2006

August 11, 2006
Censorship is as bad as looking directly into the sun, which causes blindness, and it still remains among the few key prerequisites for successfully running a modern communism-type government, namely the leader's appearance. And while it's obvious that wearing eyeglasses supposedly makes you look smarter, I'm certain that it's not reading by candlelight but censorship that's causing the overall blindness of the average party member.

Human Rights Watch recently released a very comprehensive report on China's Internet censorship philosophy, technologies, social implications and the business parties involved.

Meanwhile, Blogger.com, blocked since 2002, seems to be accessible again in China. A battle victory for free speech? Don't be naive: the reason it's accessible is that they figured out how to censor what needs to be censored -- a reverse model consisting of allowing everything, and blocking as well as monitoring access to potentially dangerous blogs. Less negative public opinion for sure, and a good indication of why the Great Firewall has the potential to be breached from within. Here are the key points that made an impression on me:

01. URL de-listing on Google.cn, Yahoo! China, MSN Chinese and Baidu

02. Comparative keyword searches on Google.cn, Yahoo! China, MSN China, Baidu, Yahoo.com, MSN search and Google.com

03. The words you never see in Chinese cyberspace, courtesy of Chinese hackers who located a keyword list within the installation package of the QQ instant messaging software:

falun, sex, tianwang, cdjp, av, bignews, boxun, chinaliberal, chinamz, chinesenewsnet, cnd, creaders, dafa, dajiyuan, dfdz, dpp, falu, falun, falundafa, flg, freechina, freedom, freenet, GCD, gcd, hongzhi, hrichina, huanet, hypermart, incest, jiangdongriji, lihongzhi, making, minghui, minghuinews, nacb, naive, nmis, paper, peacehall, playboy, renminbao, renmingbao, rfa, safeweb, sex, simple, svdc, taip, tibetalk, triangle, triangleboy, UltraSurf, unixbox, ustibet, voa, voachinese, wangce, wstaiji, xinsheng, yuming, zhengjian, zhengjianwang, zhenshanren, zhuanfalun

04. The Great Firewall of China: Keywords used to filter web content :

Names of People
Bao Tong, Chen Yonglin, Cui Yingjie, Ding Jiaban, Du Zhaoyong, Gao Jingyun, Gao Zhisheng, He Jiadong, He Weifang, Hu Xingdou, Hu Yuehua, Hua Guofeng, Huang Jingao, Jiang Mianheng, Jiang Yanyong, Jiang Zemin, Jiao Guobiao, Jin Zhong, Li Zhiying, Liang Yuncai, Liu Jianfeng, Liu Junning, Liu Xiabobo, Nie Shubin, Nie Shubin (repeated), Sun Dawu, Wang Binyu, Wang Lixiong, Xu Zhiyong, Yang Bin, Yang Dongping, Yu Jie, Zhang Weiying, Zhang Xingshui, Zhang Zuhua, Zhao Yan, Zhou Qing, Zhu Chenghu, Zhu Wenhu, Zi Yang (in English), Ziyang (in Chinese), Ziyang (in English), zzy (in English, abbreviation for Zhao Ziyang)

Chinese Politics
17th party congress, Babaoshan, Beat [overthrow] the Central Propaganda Department, Blast the Central Propaganda Department, Block the road and demand back pay, Chief of the Finance Bureau, Children of high officials, China liberal (in English), Chinese Communist high officials, Denounce the Central Propaganda Department, Down with the Central Propaganda Department, Impeach, Lin Zhao Memorial Award, Patriots Alliance, Patriots Alliance (abbreviated), Patriots Alliance Web, Police chase after and kill police, Pollution lawsuit, Procedures for dismissing an official, Red Terror, Set fires to force people to relocate, Sons of high officials, The Central Propaganda Department is the AIDS of Chinese society, Villagers fight with weapons, Wang Anshi’s reform and the fall of the Northern Song dynasty

Specific Issues and Events
Buy corpses, Cadres transferred from the military, Cashfiesta (English), Cat abuse, Changxin Coal Mountain, China Youth Daily staff evaluation system, Chinese orphanage, Chinese Yangshen Yizhi Gong, Demobilized soldiers transferred to other industries, Dongyang, Dongzhou, Fetus soup, Foot and mouth disease, Fuzhou pig case, Gaoxin Hospital, High-speed train petition, Hire a killer to murder one’s wife, Honghai Bay, Horseracing, Jinxin Pharmaceutical, Kelemayi, Linyi family planning, Market access system, Mascot, Military wages, No Friendlies, Prosecutor committed suicide, Pubu Ravine, Shanwei government, Suicide of deputy mayor, Suicide of Kuerle mayor, Swiss University of Finance, Taishi village, Top ten worst cities, Wanzhou, Weitan [Village], Zhang Chunxian welcomes supervision against corruption

Falun Gong
Terms related to the banned Falun Gong spiritual movement, including phrases from its “Nine Commentaries” manifesto against the Communist Party
Chinese Communist Party brutally kills people, dajiyuan (in English), Defy the heavens, earth and nature. Mao Zedong, Epoch Times, Epoch Times (written with a different character), Epoch Times news Web site, Evaluate the Chinese Communist Party, Evaluate the Chinese Communist Party (abbreviated), falundafa (in English), flg (in English), Fozhan Qianshou Fa, Guantong Liangji Fa, In the Chinese Communist Party, common standards of humanity don’t exist, Li Hongzhi, lihongzhi (in English), Master Li, minghui (in English), Mother and daughter accused each other, and students and teachers became enemies, New Tang dynasty TV Station, Nine Commentaries, No. 1 evil cult in the world, Obedient citizens under its brutal rule, People become brutal in violence, Chinese Communist Party, People developed a concept of the Chinese Communist Party, but, People who could escape have escaped, and had people to seek refuge with, Quit the party, Run the opposite direction of the so-called ideals of Communism, Shenzhou Jiachifa, Spring Festival Gala of the World’s Chinese, Steal people’s painstaking work, Truth, Compassion, Tolerance [Falungong slogan], Zhenshanren (in English) [same slogan in English]

Overseas Web Sites, Publications and Dissident Groups
Century China Foundation, China Issues Forum, China Renaissance Forum, China Society Forum, China Spring, Chinese Current Affairs, Chinese World Forum, EastSouthWestNorth Forum, EastWestSouthNorth Forum, Forum of Wind, Rain and the Divine Land, Freedom and Democracy Forum, Freedom to Write Award, Great China Forum, Han Style, Huatong Current Affairs Forum, Huaxia Digest, Huayue Current Affairs Forum, Independent Chinese PEN Center, Jimaoxin Collection, Justice Party Forum, New Birth Web, New Observer Forum, North American Freedom Forum, reminbao (in English), remingbao (in English), Small Reference, Spring and Summer Forum, Voice of the People Forum, Worldwide Reader Forum, You Say I Say Forum, Zhengming Forum, Zhidian Jiangshan Forum, Zhongshan Wind and Rain Forum

Taiwan
Establish Taiwan Country Movement Organization, Great President Chen Shui-bian, Independent League of Taiwan Youth, Independent Taiwan Association, New Party, Taiwan Freedom League, Taiwan Political Discussion Zone

Ethnic Minorities
East Turkestan, East Turkestan (abbreviated), Han-Hui conflicts [ethnic conflicts], Henan Zhongmu, Hui [muslim ethnic minority] rebellion, Hui village, Langcheng Gang, Nancheng Gang, Nanren Village, Tibet independence, Xinjiang independence, Zhongmu County

Tiananmen Square
Memoirs of June 4 participants, Redress June 4, Tiananmen videotape, Tiananmen incident, Tiananmen massacre, Tiananmen generation, World Economic Herald

Censorship
Cleaning and rectifying Web sites, China’s true content, Internet commentator, News blockade

International
Indonesia, North Korea falls out with China, Paris riots, Tsunami

Other
Armageddon, Bomb, Bug, Handmade pistol, Nuclear bomb, Wiretap, Chinese People Tell the Truth, Chinese People Justice and Evil, China Social Progressive Party, Chinese Truth Report, Dazhong Zhenren Zhenshi, Jingdongriji (English), Night talk of the Forbidden City, People’s Inside Information and Truth

Take your time to understand the Twisted Reality courtesy of China's Internet censorship efforts, and learn more about how to undermine censorship.

Related resources and recent posts:
Censorship
China's Interest of Censoring Mobile Communications
South Korea's View on China's Media Control and Censorship

Malware Statistics on Social Networking Sites

August 10, 2006
Huge traffic aggregators such as the majority of social networking sites attract not only a huge percentage of the Internet's population on a regular basis, but also malware authors taking advantage of the medium as an infection vector -- and why not as a propagation one as well?

ScanSafe just came up with some nice stats on the average number of social networking pages hosting malware: based on five billion web requests, up to one in 600 profile pages hosts some form of malware:

"According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware. The company also reported that the use of social-networking sites, often assumed to be popular only with teens, accounted for approximately 1 percent of all Web use in the workplace. “Social-networking sites have been newsworthy because of the concern over our children’s safety, but beyond unsafe contact with harmful adults, these sites are an emerging and potentially ripe threat vector that can expose children to harmful software,” said Eldar Tuvey, CEO and co-founder, ScanSafe. “Users are frequently subject to unwanted spyware and adware that can compromise their PCs, track online behavior and degrade PC performance.”"

SPI Dynamics' recent research into Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Hacking RSS and Atom Feed Implementations, and the countless web application vulnerabilities in popular portals turn this into a malware author's dream come true. You can also go through the key points on web application malware I made at the beginning of 2006; the "best" is yet to come.

Related resources and posts:
Malware
Malware Targets Social Networks - podcast
The Current State of Web Application Worms
Web Application Email Harvesting Worm

Analyzing the Intelligence Analysts' Factors of Productivity

August 10, 2006
Outstanding perspective, given the author is an ex-CIA analyst himself. Contrary to the common wisdom of a Manhattan Project type of departmental separation -- everyone's working to achieve the same goal, while no one knows what the others are doing -- there's a growing trend of better analyzing and responding to an intelligence analyst's productivity needs. Watchin' the Analysts describes well the Intelligence Community's efforts to sense and respond to these growing trends of collaboration, while figuring out how to balance the possible security implications. Great reading, especially the infamous news headline on how the CIA got "hacked" through an internal unofficial chat room, one that they were unaware of at the time. The paper discusses LinkedIn, Del.icio.us, blogs, and highlights the basic truth that "Anything You Can Do, I Can Do Meta.."; an excerpt:

"Analysts interact among themselves, as a complex community web of knowledge. Analysis of those sorts of networks would be worthwhile, and is being done in the commercial sector, through a variety of tools. In the fall of 2000, the CIA shut down a so-called “chat room” operating unofficially over Agency networks; four employees lost their jobs, with other employees and contractors given reprimands. I had left the Agency in 1994, but numerous of those involved were friends and former colleagues. My impression was that what occurred was more embarrassing than threatening, and that agency management ought to understand how and why such virtual communities form—whether they’re facilitated or frustrated by the “official” infrastructure—and appreciate their value. Various network visualization tools would have readily revealed anomalous (at least as far as official business was concerned) traffic, but analysts will want and need an environment that fosters creativity and community, and ought to be given one."

However, there's a certain degree of internal censorship going on, in the way employers often have strict guidelines on employees' blogging activities: the CIA recently fired an analyst over an internal blog posting related to the Geneva Conventions and torture. Risk management solutions, besides visualization, are of course being put in place as well.

Related resources and posts:
Intelligence
Visualization, Intelligence and the Starlight Project
"IM me" a strike order
Covert Competitive Intelligence
India's Espionage Leaks
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

AOL's Search Leak User 4417749 Identified

August 10, 2006
A Chief Privacy Officer and basic common sense anyone?

As you all know, over the weekend 20M search queries of 650,000 AOL users leaked and are now all over the Internet, available for download. It's simply unbelievable that the only measure taken to ensure the privacy of the data was a "unique ID" per user, and how often the excuse of improving search results pops up. No need for subpoenas this time, just basic filtering techniques.

Seems like AOL searcher 4417749 has been identified by a New York Times reporter:

"Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield. No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.” And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.” It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her."

Hope AOL gets to win the Big Brother Awards; nominated for sure.
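What the keyword-analysis tools above and the reporter did boils down to the same operation: group records by the stable AnonID and read the quasi-identifiers out of the resulting profile. The following is an added example, not AOL's data and not either tool's code. The sample log is constructed here in the tab-separated column layout the released files used (AnonID, Query, QueryTime, ItemRank, ClickURL; that layout is an assumption), and the gazetteer and surname list are tiny stand-ins for the real lookups an analyst would use.

```python
"""
Linkage across a pseudonymous search log (added illustration).

AOL replaced the screen name with a stable numeric AnonID.  This shows why
that is pseudonymisation, not anonymisation: one key persisting across
queries lets every query be joined into a profile, and a handful of
place- or name-bearing queries in that profile act as quasi-identifiers.
"""
import csv
import io
from collections import defaultdict

# Constructed sample (assumed column layout of the released files).
# Every ID, timestamp and URL is made up; the queries echo the NYT story.
SAMPLE_LOG = """\
AnonID\tQuery\tQueryTime\tItemRank\tClickURL
1000001\tnumb fingers\t2006-03-01 09:12:03\t\t
1000001\tlandscapers in lilburn ga\t2006-03-02 18:40:11\t1\thttp://landscaping.example
1000001\thomes sold in shadow lake subdivision gwinnett county georgia\t2006-03-04 21:05:49\t\t
1000001\trobert miller\t2006-03-05 08:11:00\t2\thttp://people.example
1000001\tdog that urinates on everything\t2006-03-07 22:30:15\t\t
1000002\tcheap flights\t2006-03-01 10:00:00\t1\thttp://travel.example
1000002\tweather boston\t2006-03-02 07:15:30\t\t
1000003\tpython tutorial\t2006-03-03 14:00:00\t1\thttp://docs.example
"""

# Constructed lookup tables standing in for a real gazetteer and surname list.
GAZETTEER = {"lilburn", "gwinnett county", "shadow lake", "boston"}
SURNAMES = {"miller", "jones"}


def parse_log(text):
    """Group the tab-separated records by the AnonID column."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    by_id = defaultdict(list)
    for row in reader:
        by_id[row["AnonID"]].append(row)
    return by_id


def quasi_identifiers(rows):
    """Pull place names and surnames out of one pseudonym's query history."""
    places, names = set(), set()
    for row in rows:
        q = row["Query"].lower()
        places.update(p for p in GAZETTEER if p in q)
        words = q.split()
        if len(words) == 2 and words[1] in SURNAMES:   # "firstname lastname"
            names.add(words[1])
    return {"queries": len(rows), "places": places, "names": names}


def linkable(by_id):
    """Pseudonyms whose history carries both a place and a surname, the
    combination the reporter followed, are the ones at re-identification risk."""
    risky = {}
    for anon_id, rows in by_id.items():
        qi = quasi_identifiers(rows)
        if qi["places"] and qi["names"]:
            risky[anon_id] = qi
    return risky


def relabel_per_query(by_id):
    """Counterfactual release: a fresh ID per query instead of one per user,
    so no two records can be joined by key."""
    fresh = defaultdict(list)
    n = 0
    for rows in by_id.values():
        for row in rows:
            fresh[f"q{n}"].append(row)
            n += 1
    return fresh


if __name__ == "__main__":
    grouped = parse_log(SAMPLE_LOG)
    for anon_id, qi in linkable(grouped).items():
        print(anon_id, qi)
    print("linkable after per-query relabelling:", linkable(relabel_per_query(grouped)))
```

The per-query relabelling at the end is the counterfactual AOL could have chosen: with no key persisting across queries, the same matcher finds nothing to join. That does not make such a release safe, since the query text itself carries names and addresses, but it removes the trivial join the reporter relied on.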

Related resources and posts:
Privacy
Still worry about your search history and BigBrother?
The Feds, Google, MSN's reaction, and how you got "bigbrothered"?
What search engines know, or may find out about us?
Security vs Privacy or what's left from it
Snooping on Historical Click Streams
Brace Yourself - AOL to Enter Security Business

Big Momma Knows Best

August 09, 2006
I wish it was the Chinese equivalent of Big Brother I'm referring to; in this case it's a mother of six tracking down the teenagers who toilet-papered her house, and mind you, she didn't even bother to use MySpace. Instead:

"Base persuaded supermarket managers to tally daily toilet-paper buys for the week and a Stater Bros. manager said there was a run on bathroom tissue two days before her home was vandalized. At 7:30 p.m. Feb. 17, someone bought 144 rolls of toilet paper, cheese, dog food, flour and plastic forks, the same items found on her lawn and house. It was a cash transaction, making it difficult to trace the purchaser, but the store had video surveillance. The video showed four teenagers making the purchase, one of them wearing a Norco High School letterman's jacket with a name stitched across the back. The store's parking lot surveillance camera showed the truck they were using. Base then borrowed a Norco High yearbook and used online databases to get the name, phone numbers and addresses of the teens on the store tape."

One question remains though. If she managed to socially engineer the supermarket's staff into handing over transaction info, even surveillance camera footage, I wonder where they were shopping from, and whether her detective work's findings would hold up in court given how they were obtained. What if the teens had used a distributed shopping practice?

You may also find a previous post on Big Brother in the Restroom, a relevant one.

UPDATE: Great post at Angela Gunn's Tech_Space. Keep your friends close, your neighbors closer!

JitterBugs - Covert Keyboard Communication Channels

August 09, 2006
WarTyping, keyboard acoustic emanations, and now here comes a full-scale covert espionage tool, recently discussed in in-depth research at the 15th USENIX Security Symposium. Researchers at the Computer Science department of the University of Pennsylvania developed a working prototype of a JitterBug covert channel:

"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet."

The trade-off remains whether physically retrieving the device would go undetected, compared to streaming the captured output out of the network directly. I'd go for the covert network timing channel, although insecurity and flexibility are always a matter of viewpoint.
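The encoding the abstract describes, as an added illustration (my own sketch, not the University of Pennsylvania prototype's code): each keystroke is delayed so that its gap from the previous keystroke, taken modulo a timing window w, lands on 0 for a 0 bit or on w/2 for a 1 bit. The window size, the keystroke timings and the network jitter model are constructed for the demo, and the paper's framing and synchronisation layer is left out.

```python
"""
Keyboard JitterBug-style timing channel (added illustration, not the UPenn code).

The bug cannot send packets; it only delays keyboard events.  Because an
interactive session (SSH, telnet, IM) emits one packet per keystroke, the
inter-keystroke gap survives encryption and can be read off the wire.
"""
import random

W_MS = 20  # timing window in milliseconds (constructed choice for the demo)


def text_to_bits(s):
    return [int(b) for c in s.encode() for b in f"{c:08b}"]


def bits_to_text(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return out.decode(errors="replace")


def sample_keystrokes(n, seed=7):
    """Constructed human-like typing: n keystrokes with 80-250 ms gaps."""
    rng = random.Random(seed)
    times = [0.0]
    for _ in range(n - 1):
        times.append(times[-1] + rng.uniform(80, 250))
    return times


def jitterbug_encode(times_ms, bits, w=W_MS):
    """Delay keystrokes so (gap mod w) carries one bit per gap:
    0 -> gap % w == 0, 1 -> gap % w == w/2.  The bug can only add delay,
    never advance a key, so every added delay is in [0, w)."""
    if len(bits) != len(times_ms) - 1:
        raise ValueError("need exactly one bit per inter-keystroke gap")
    delivered = [times_ms[0]]
    for t, bit in zip(times_ms[1:], bits):
        target = 0 if bit == 0 else w // 2
        base = max(t, delivered[-1])          # never deliver out of order
        gap = base - delivered[-1]
        delay = (target - gap) % w            # smallest non-negative delay
        delivered.append(base + delay)
    return delivered


def through_network(times_ms, max_jitter_ms, seed=1):
    """Constant propagation delay plus bounded per-packet jitter (constructed)."""
    rng = random.Random(seed)
    return [t + 45.0 + rng.uniform(-max_jitter_ms, max_jitter_ms) for t in times_ms]


def jitterbug_decode(arrivals_ms, w=W_MS):
    """Receiver: classify each gap mod w as nearer 0 or nearer w/2.
    Correct as long as the gap error stays below w/4."""
    bits = []
    for prev, cur in zip(arrivals_ms, arrivals_ms[1:]):
        r = (cur - prev) % w
        d0 = min(r, w - r)            # wrapping distance to 0
        d1 = abs(r - w / 2)           # distance to w/2
        bits.append(0 if d0 < d1 else 1)
    return bits


def bit_errors(a, b):
    return sum(x != y for x, y in zip(a, b))


def demo(secret="pw", max_jitter_ms=2.0):
    """Leak `secret` through typed keystrokes and recover it from arrival times."""
    bits = text_to_bits(secret)
    typed = sample_keystrokes(len(bits) + 1)
    on_wire = through_network(jitterbug_encode(typed, bits), max_jitter_ms)
    recovered = jitterbug_decode(on_wire)
    return bits_to_text(recovered), bit_errors(bits, recovered)


if __name__ == "__main__":
    for jitter in (1.0, 2.0, 4.0, 8.0):
        print(f"jitter +/-{jitter} ms ->", demo("secret", jitter))
```

The receiver only needs packet timestamps, which is why encrypting the session does not help. What does hurt the channel is jitter: a gap error above w/4 (per-packet jitter above w/8 with this decoder, since two jittered timestamps go into each gap) flips bits, and the paper's answer is a larger window at the cost of throughput. Raise max_jitter_ms in demo() to watch the bit error count climb.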

UPDATE: The future defined - Projection Keyboards

Related resources:
Espionage Ghosts Busters
Covert Channel
Gray-World Team
IP Covert Timing Channels: An Initial Exploration
Information Theory of Covert Timing Channels
Detection of Covert Channel Encoding in Network Packet Delays

Malware Bot Families, Technology and Trends

August 07, 2006
In case you want to know more about the evolution of bots, the ease of assembling a botnet, why bot families take the largest share of zombies compared to single, one-off bots, or which technologies dominate the threatscape -- go through the slides of this study on identifying "interesting" bot technologies within a large malware collection. Bot Feature & Technology Trends by Robert Lyda also highlights the distribution of bot variants from the following families:

GaoBot
SpyBot
MyTob
PolyBot
PoeBot
gBot
BrepiBot
DanishBot
NetBot
KvdBot
TriBot
TongBot
SdBot
KwBot
BugBot

As well as :

- Emergence of Bots as of eggdrop's 1993 appearance
- 2005 Bot Family Percentage per Month
- Bot Feature Percentage of All Variants
- Bot Feature Percentage Over All Variants
- Bot Technology Trends for 2005
- Bot Packing Analysis
- Prevalence of the Top 12 Packing Tools

Bottom line: bot families have resulted in anti-virus software already detecting over 200,000 pieces of malware; the trouble is that the majority of them have long since become family members rather than staying the one-off bachelors they used to be. Malware on demand and open source malware, combined with the ease of packing, are definitely making their impact.

Related resources and posts:
Malware
Splitting a Botnet's Bandwidth Capacity
An Intergalactic Security Statement
Malware Search Engine

DVD of the Weekend - The Final Cut

August 06, 2006
This weekend's featured DVD is a marvelous representation of a full-scale 1984-type mass surveillance society, but compared to a utopian party acting as the caring Big Brother, here it's the inevitable advances of technology, and the availability of services, leading to the ultimate digital preservation of our entire lives -- through our own eye-embedded implants. Worth taking your time to watch this "remixing" of reality leading to the ultimate saint, but I have to agree with SFAM's comments on the "usefulness" of the technology for compiling a 30 min funeral clip only. The rest is the plot itself.

A brief summary of The Final Cut :

"In a near undefined future, people may have a Zoe microchip implanted in their nervous system to permit their families to retrieve the best moments of their memories and watch them on video after their deaths. This process is called "Rememory" and Alan H. Hakman (Robin Williams), a man traumatized by an incident in his childhood, is the best cutter of the Eye Tech Corporation. The company is facing groups that oppose the "Rememory" and the ex-cutter Fletcher (Jim Caviezel) is leading these opponents. When Alan is assigned to prepare the final cut of the memories of the Eye Tech lawyer Charles Bannister, his Zoe chip is disputed by Fletcher. Meanwhile, Alan finds that he also has an implanted microchip, which is against the rules of a cutter."

You can also go through CyberPunkReview's comments and snapshots of The Final Cut.

Related resources:
Surveillance
Privacy

UPDATE: Seems like Blogspot is only searching through 7 out of my 209 posts; conspiracy theories aside, you can still do it the old-fashioned way - Surveillance, Privacy, Malware, Censorship, Cyber terrorism, Intelligence, etc.

Future in Malicious Code 2006

August 05, 2006
What's new on the malware front? Quite a few new developments to be included in the Q2 2006 summary I'm about to finalize any time now. I just came across a great continuation of my original Malware - Future Trends publication, this time courtesy of the Royal Canadian Mounted Police, quoting and further expanding the discussion on my key points:

- Mobile malware will be successfully monetized
- Localization as a concept will attract the coders' attention
- Open Source Malware
- Anonymous and illegal hosting of (copyrighted) data
- The development of Ecosystem
- Rise in encryption and packers
- 0day malware on demand
- Cryptoviral extortion / Ransomware will emerge
- When the security solution (antivirus etc.) ends up being the security problem itself
- Intellectual property worms
- Web vulnerabilities, and web worms - diversity and explicit velocity
- Hijacking botnets and infected PCs
- Interoperability will increase the diversity and reach of the malware scene

A brief summary :

"This report will provide an overview of the numerous malicious code trends experts are observing and those they predict will be seen in the foreseeable future. This is not a document that will chart the future of malicious code as that would be impossible. Malware writers move very quickly. They are adaptable and very often they are exploiting vulnerabilities before the rest of the security industry is fully aware of them. Their flexibility and reaction speed is essential if they wish to continue to make a profit and stay ahead of the anti-virus companies who are constantly devising new ways to detect and remove hostile code. As a result, some of the trends covered in this document may never fully evolve and others that have not been mentioned will, no doubt, appear. This document will give readers a better sense of what is coming “down the pipe” and perhaps, a better idea of what to look for when dealing with tomorrow’s malicious code."

Professionally questioning a vendor's or mogul's self-mythology is the anti-mogul speciality. Don't just slice the threat into pieces and take credit for the slicing; let's discuss the pie itself.

Meanwhile, keep an eye on my Delicious Information Warfare summaries, and syndicate them if time equals opportunity.

Mobile Devices Hacking Through a Suitcase

August 04, 2006
Define:nerd

"Luca Carettoni and Claudio Merloni are security consultants at Milan, Italy-based Secure Network. The two created the BlueBag to raise awareness about the potential of attacks against Bluetooth-enabled devices, they said in an interview at the Black Hat security event in Las Vegas. The BlueBag is a roll-aboard suitcase filled with hardware. That gear is loaded with software to scan for Bluetooth devices and launch attacks against those, the two men said. We started evaluating how Bluetooth technology was spread in a metropolitan area, Carettoni said. We went around airports, offices and shopping malls and realized that a covered bag can be used quite effectively for malicious purposes."

Outstanding execution of the idea; I still wonder what the contents of the suitcase would look like through an X-ray, if they ever get to pass through one, of course. Go through the entire photo session at Black Hat 2006 by Joris Evers of CNET News.com's team, as well as the basics of Bluetooth (in)security.


Achieving Information Warfare Dominance Back in 1962

August 03, 2006
The point here isn't the consolidation indicated in the article :

"The consolidation involves Singer’s headquarters staff, and subordinate Naval Security Group Activities (NSGA) and detachments (NSGD). When fully completed, the action will combine the Navy's enlisted Cryptologic Technicians and Information Warfare officers into the same organization as the Navy’s Information Systems Technicians and Information Professional officers. The IO warfare area is composed of five core integrated capabilities: Electronic Warfare, Computer Network Operations, Psychological Operations, Military Deception and Operational Security. These combine with related capabilities to provide “Information Dominance,” the concept of controlling an adversary’s use of the information and communications environment while protecting one’s own."

but the advances in intercepting electromagnetic emissions reflected off the Moon back in 1962, through the NRRO 600-Foot Steerable Parabolic Antenna:

"Naval Radio Research Observatory (NRRO). This observatory is to be erected at Sugar Grove, West Virginia for exploiting lunar reflective techniques for the purposes of intelligence collection, radio astronomy, and communications-electronics research. A 600-foot steerable parabolic radio antenna will provide for the reception of electromagnetic emissions reflected off the moon. As an intelligence device it will provide for reception and analyzing emissions from areas of the world not now accessible by any other known method, short of physical penetration. The Observatory is planned to be operational in FY 1962."

Here's more info on the concept:

"Although the 600-ft telescope was never built, a satellite-based alternative, called `GRAB' (Galactic RAdiation Background), was launched in June of 1960. Again, this was a dual-use system. The world's first elint satellite and astronomical observatory were integrated into the same satellite bus, with astronomy serving as an operational front for the whole. A second GRAB was launched in 1962. This interface of classified and basic research tells us about the pursuit of science and science-based technologies during the Cold War."

Nowadays the field just seems to be full of bird listeners using parabolic microphones, activists "hacking" TV and radio signals, and others conducting sophisticated TECHINT on the battlefield.

Related resources:
Information Warfare
Cyber Warfare
PSYOPS
Intelligence

One Time Password Generating Credit Card

August 03, 2006
This is cute, as it solves a major problem: customers having to carry, and all too easily lose, hardware tokens. Neat integration, with the push of a button on the one-time-password-generating credit card:

"It took InCard four years to develop the card, Finkelstein said. The company combined technology from a Taiwanese display maker, a U.S. battery manufacturer and a French security team, he said. A Swiss partner, NagraID, owns the rights to the process to combine the pieces and actually manufacture the technical innards of the card. The biggest development challenges were the ability to bend the card, power consumption and thickness, Finkelstein said. The result is a card that's as thin and flexible as a regular credit card and is guaranteed to work for three years and 16,000 uses. "Which is about 15 times a day, seven days a week," Finkelstein said."

Whether it's compliance with the FFIEC or an emerging trend of convergence, the trouble is that it doesn't solve the majority of issues related to phishing attacks; rather, it has the potential to undermine other companies' offerings. Now all they need is someone to take the role of an evangelist, besides the well-networked company executives.

Related posts:
Anti Phishing Toolbars - Can You Trust Them?
Heading in the Opposite Direction
No Anti Virus Software, No E-banking for You

But Of Course It's a Pleasant Transaction

August 02, 2006
Great example of automated bots attacking eBay's core trust-establishing process: the feedback provided by users, which relies on the wisdom of crowds to judge their truthfulness:

"Again, a sharp eye may notice that feedback comments received from sellers are identical, and read almost in the same order. This is because most 1-cent-plus-no-delivery-cost sellers automate the whole transaction: should someone buy their eBooks for one cent each, some scripts email it automatically to the buyer, and leave a standard feedback comment on the buyer’s profile. So, if we recollect everything, the following is probably happening:

1. Someone is massively creating randomly named, fake user accounts (probably in a more or less automated fashion).
2. Those fake users, powered by automated web spider software, are set to scavenge eBay for 1-cent "buy it now" items and buy them.
3. Automatically, the 1-cent item seller script is emailing the buyer with the item, and posts its standard feedback on his profile.
4. The fake user automatically responds with a standard feedback comment on the seller’s profile.

In a nutshell: Two bots are talking. And doing business."

The use of CAPTCHAs, ensuring the bots never manage to register themselves in the first place, is as important as the already automated process of bypassing CAPTCHA authentication. Expect to see much better random generation of pseudo users and their feedback compared to these. And since eBay is no longer an intermediary but a platform, bots have plenty of seed data to begin their lives with, don't they?

These very same techniques apply to common networks such as Internet Relay Chat and the majority of instant messengers, where malware tries either to take advantage of a moment of momentum and forward itself to a buddy, or to keep the conversation going until the time for a fancy photo exchange has come.
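As an added example (not part of the original post or any eBay tooling), here is defender-side detection logic run over constructed feedback records that flags the pattern quoted above: buyers whose history is almost entirely 1-cent items, the same templated comment left on every seller, and a reciprocal seller comment on each transaction. The record layout, account names and thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample feedback records (not real eBay data). Each row is
# (buyer, seller, price_cents, comment_buyer_left_for_seller,
#  comment_seller_left_for_buyer, or None if the seller left none).
FEEDBACK = [
    ("xq7f2k", "ebookshop1", 1, "Great seller, fast!", "Thanks for your purchase!"),
    ("xq7f2k", "ebookshop2", 1, "Great seller, fast!", "Thanks for buying, A+ buyer."),
    ("xq7f2k", "ebookshop3", 1, "Great seller, fast!", "Thanks for your purchase!"),
    ("p9zt3m", "ebookshop1", 1, "Great seller, fast!", "Thanks for your purchase!"),
    ("p9zt3m", "ebookshop2", 1, "Great seller, fast!", "Thanks for buying, A+ buyer."),
    ("p9zt3m", "ebookshop3", 1, "Great seller, fast!", "Thanks for your purchase!"),
    ("alice_collects", "vintage_cams", 12500, "Lens arrived well packed", "Smooth transaction"),
    ("alice_collects", "ebookshop1", 1, "Handy little guide", "Thanks for your purchase!"),
    ("alice_collects", "bookworm99", 899, "Exactly as described", None),
]


def flag_buyers(records, max_price_cents=1, min_purchases=3, min_share=0.8):
    """Return {buyer: evidence} for accounts matching the bot pattern from the
    post: (almost) every purchase at the 1-cent floor, one identical comment
    left on every seller, and a reciprocal seller comment every single time."""
    by_buyer = defaultdict(list)
    for row in records:
        by_buyer[row[0]].append(row)
    flagged = {}
    for buyer, rows in by_buyer.items():
        if len(rows) < min_purchases:
            continue  # too little history to judge either way
        cheap_share = sum(r[2] <= max_price_cents for r in rows) / len(rows)
        template, hits = Counter(r[3] for r in rows).most_common(1)[0]
        template_share = hits / len(rows)
        reciprocal = all(r[4] is not None for r in rows)  # "two bots talking"
        if cheap_share >= min_share and template_share >= min_share and reciprocal:
            flagged[buyer] = {"purchases": len(rows), "cheap_share": cheap_share,
                              "template": template, "template_share": template_share}
    return flagged


def inflated_sellers(records, flagged):
    """Count how much of each seller's positive feedback came from flagged
    buyers; these are the reputations the ring is artificially inflating."""
    return Counter(r[1] for r in records if r[0] in flagged)


if __name__ == "__main__":
    bots = flag_buyers(FEEDBACK)
    print("flagged buyers:", sorted(bots))
    print("sellers with inflated feedback:", dict(inflated_sellers(FEEDBACK, bots)))
```

Tuning `min_share` below 1.0 matters: a bot operator who sprinkles in a few non-template comments or pricier items would otherwise slip past an exact-match rule.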

Things Money Cannot Buy

July 31, 2006
1. Love with tingles
2. True Friends
3. Respect, the kind earned when results go beyond position and the size of market capitalization
4. Style
5. Childhood full of joy
6. Knowledge; diplomas and insider leaks are something else
7. And obviously innovation, as you can see in this slide; compare it to the rough reality for the top tech R&D spenders. 800-pound market-capitalization gorillas for sure, but not innovators. A knowledge-driven society results in talent wars, and permanently attracting the walking case studies is also important.

Outspending ends in budget-allocation myopia, compared to actually prioritizing your R&D efforts. You aren't productive when you have all the cash in the world; quite the opposite, and passion does play a crucial role when it comes to creativity. Go through a handy summary of the study Does R&D spending deliver results? as well.

Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

July 31, 2006
With China breathing down Japan's neck, and North Korea crying for attention by actively experimenting with symmetric and asymmetric warfare capabilities, Japan's need for better reconnaissance and for limiting its dependence on others' imagery gathering has been in the execution stage for years, as Reliance on U.S. intelligence on missile launch shows need for improvement reports:

"The two spy satellites currently in operation are both polar orbiters circling the globe at altitudes of 400 to 600 kilometers. If the fourth, a SAR satellite, is launched in 2007 as planned, it will complete the four-satellite reconnaissance system, and the country will be able to monitor any point on Earth at least once a day, officials said. It will therefore become possible for Japan to monitor day-to-day changes in North Korean missile-launching sites. The problem, however, is whether the system will be effective at the moment of a missile launch, which would depend on the weather and positions of the satellites at the time, officials said on condition of anonymity. In stark contrast with Japan, the United States has orbited more than 100 satellites, at least 15 of which are reportedly for intelligence-gathering purposes, they said. As experts put it, the U.S. satellites can identify objects as small as 8 to 9 centimeters in size if weather conditions are ideal. The United States has five early-warning satellites, including one for backup purposes, keeping watch over North Korea around the clock, they said."

They're definitely using open source IMINT on North Korea as well, or requesting detailed imagery on demand from commercial providers, while further developing their early warning systems. Go through an article on Japan's Information Gathering Satellites imagery intelligence in case you're interested in their past efforts in this direction. However, I feel it's their neighbors' cyber warfare capabilities they should also be worried about.

Image courtesy of Northrop Grumman.

DVD of the Weekend - Path to War

July 30, 2006
As I've been busy catching up with way too many things to list, I'd better finalize my creative efforts and provide you with the results as they appear during the week. Meanwhile, current events being constantly streamed and brainwashed into us from every TV channel you try to watch (remember how in 1984 only the party leaders had the privilege to turn off their 24/7 propaganda streams? Feel empowered nowadays) made me think about how today's situation somewhat resembles the one filmed in Path to War, especially the partisan warfare activities. You can never win a partisan war; what you'll end up with is your ego and nose bleeding, and your heroic wings sort of broken. Feeling, or positioning yourself for, powerful PSYOPS while destroying a country's infrastructure to eradicate the partisan fighters is one of my favorite moments in the movie, especially when they realized they had managed to destroy 140% of Vietnam's infrastructure and were still losing the war.

Even worse, having the power and diplomatic influence to make a change, while acting the bureaucrat to buy time as someone else is about to take care of your dirty laundry, is such a bad example for the rest of the democratic world, yet a convenient one.

Great post at DefenseTech on autonomous warfare: destroy the oil resources to limit the movement of suppliers, and a dozen grannies move them on bicycles or take it personally; destroy a bridge, and see a wooden one built within a day or two. Every war is an act of terrorism in itself, where the term "acceptable levels of casualties" constantly jumps from the military to the political dictionary.

Previous DVDs of the Weekend and related comments:
DVD of the Weekend - The Lone Gunmen
DVD of the Weekend - The Outer Limits - Sex And Science Fiction Collection
DVD of the Weekend - War Games
DVD of the Weekend - The Immortals
DVD of the Weekend - Lawnmower Man - Beyond Cyberspace