Dealing with Spam - The O'Reilly.com Way

While China feels that centralization is the core of everything, and is licensing the use of mail servers to fight spam, thus totally ignoring the evolution of spam techniques, the other day I came across to some recent Spam Statistics from Oreilly.com -- scary numbers!

"Our mail servers accepted 1,438,909 connections, attempting to deliver 1,677,649 messages. We rejected 1,629,900 messages and accepted only 47,749 messages. That's a ratio of 1:34 accepted to rejected messages! Here is how the message rejections break down:

Bad HELO syntax: 393284
Sending mail server masquerades as our mail server: 126513
Rejected dictionary attacks: 22567
Rejected by SORBS black list: 262967
Rejected by SpamHaus black list: 342495
Rejected by local block list: 5717
Sender verify failed: 4525
Recipient verify failed (bad To: address): 287457
Attempted to relay: 5857
No subject: 176
Bad header syntax: 0
Spam rejected (score => 10): 42069
Viruses/malware rejected: 2575
Bad attachments rejected: 1594"

Draw up the conclusions for yourself, besides shooting into the dark or general syntax errors, total waste of email traffic resulting in delayed email is the biggest downsize here, thankfully, non-commercial methods are still capable of dealing with the problem. At the bottom line, sending a couple of million email messages on the cost of anything, and getting a minor response from a "Hey this is hell of a deal and has my username on the top of it!" type of end users seems to keep on motivating the sender. Localized spam is much more effective as an idea, but much easier to trace compared to mass-marketing approaches, though I feel it would emerge with the time.

Browse through Spamlinks.net for anything anti-spam related, quite an amazing resource. Continue reading →

Big Brother in the Restroom

Wikes! This is nasty, and while the porn industry has commercialized the idea a long time ago, I never imagined the levels of crime in public restrooms would "reach" levels requiring CCTVs to be installed -- if there's so much vandalism going on in public restrooms, these will definitely get stolen as well, picture the situation! Norway installs surveillance cameras in park restrooms.

Hint : once you get involved in the CCTV irony, I say irony mainly because the dude behind the 40 motion detection and face recognition wall is having another CCTV behind his back, you end up spending tax payers money to cover "blind spots", and end up with a negative ROI while trying to achieve self-regulation, if one matters!

Surveillance and Society's journal still remains the most resourceful publication on surveillance studies and its impact on society.

Further reading and previous cases:
The Hidden Camera
Iowa Judge Says Hidden Restroom Camera Case Can Proceed to Trial Continue reading →

World's Internet Censorship Map

While it seems rather quiet on the Internet's censorship front, the media coverage on the topic represents a cyclical buzz that reemerges with the time.

Thankfully, initiatives as the OpenNet one, and organizations such as Reporters Without Borders never stop being the society's true watchdogs when it comes to Internet censorship. ONI's neat visualization of the Internet filtering map is a great way of pin pointing key locations, and provide further details through their in-depth reports, take a look for yourself!

Censorship is capable of running entire governments, maintaining historical political power, and mostly ruling by "excluding the middle". Recently, two of China's leading Internet portals were shut down due to maintenance issues acting as the excuse for improving their filtering capabilities. Reporters Without Borders conducted an outstanding analysis of the situation, coming to the conclusion "that the search engines of China’s two leading Internet portals, Sina and Sohu, after they were shut down from 19 to 21 June for what they described as a “technical upgrade” but which in fact was designed to improve the filtering of their search results."

What is Google up to? Making business compromises in order to harness the power of the growing Chinese Internet population. And while the Wall is cracking from within, the world is also taking actions against the fact that there're currently 30 journalists behind bars in China. Continue reading →

Delicious Information Warfare - 13/24 June

Brief summaries of key events for the last week and a half, catch up with previous ones as well. I intend to continue sharing my daily reads while emphasizing on the big picture, and emerging trends. Great quote courtesy of the The Royal Swedish Academy of War Sciences : “The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data. It’s all just electrons. . . . There’s a war out there . . . and it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think, it’s all about information.”

01. Eyeballing North Korean Missile Launch Furor - "Latest satellite photo coverage and description of the launch site facilities." to Military Satellite Reconnaissance GEOINT ... on 25 June

02. VoIP wiretapping could lead to more problems - "Requiring Internet service providers to respond in real time to requests for them to record VoIP calls would open up the Internet to new vulnerabilities, Whitfield Diffie added." to Intelligence Terrorism Wiretapping CALEA VoIP on 25 June

03. Police arrest two in Japan data theft case - "Blackmailers attempted to extort almost $90,000 from one of Japan's largest phone companies by threatening to reveal a leak of private data belonging to four million customers before a major shareholder meeting." to Espionage Insider Investing on 25 June

04. Kevin Mitnick, the great pretender - "ZDNet UK caught up with the ex-cracker to discuss developments in social engineering, new U.S. laws monitoring telephone systems and alleged "NASA hacker" Gary McKinnon's impending extradition to the United States." to Security Interview on 25 June

05. Data-Theft Worm Targets Google's Orkut - "Now, however, the infection will pop up a message telling you your data is being mailed off someplace, before sending you to the Orkut site." to Malware Web on 25 June

06. French Microsoft Web site hacked - "Hackers on Sunday broke into a part of Microsoft's French Web site, replacing the front page with online graffiti." to Hacktivism Microsoft Defacement on 25 June

07. SCADA industry debates flaw disclosure - "The guys who are setting up these systems are not security professionals. And many of the systems that are running SCADA applications were not designed to be secure--it's a hacker's playground."
to Security SCADA Cyberterrorism Vulnerabilities on 25 June

08. Details emerge on second potential NSA facility - "The room had a sophisticated set of double security doors, known as a "mantrap," and any engineer who worked inside required extensive security clearances." to Intelligence NSA Terrorism Surveillance Wiretapping on 25 June

09. Next-Gen Bank Trojans Are Upon Us - "The 3G Banking Trojan can steal your info and then siphon your account of its cash. The 3G Banking Trojan began with the "Win32.Grams" piece of malware, which first appeared in 2004."to Malware on 25 June

10. Malware authors eyeing Web-based applications - "As Web-based services grow increasingly popular, industry experts say users should brace for more of these threats." to Malware Web on 25 June

11. Stratcom leads DOD cyberdefense efforts - “Unfortunately for us, cyberterrorism is cheap, and it’s fast,” Kehler said. “Today’s terrorist moves at the speed of information.” to Defense InformationWarfare Cyberterrorism on 25 June

12. Text Messaging Used as Malware Lure - "Botnet herders have found a crafty new way to lure computer users to maliciously rigged Web sites—via text messaging on cell phones." to Malware Mobile on 25 June

13. Two China Search Sites Shut - "Censorship or maintenance? That’s the question after two Chinese search engines shut down temporarily." to China Censorship FreeSpeech on 25 June

14. Web services increasingly under attack - "As larger audiences flock to Web sites that run on ever more powerful programming scripts, malware writers are them fertile ground." to Security Malware Web on 25 June

15. What's the Endpoint of Endpoint Security? - "Finally, there’s a more manipulative progenitor of new jargon: the analyst community. White papers, market reports and mystical squares can get crowded, and the big vendors often dominate them."
to Security Investing Advertising Leadership on 25 June

16. Expatriates in Canada pressured to spy - "Despite strong warnings from the government of Canada, certain countries continue to use their intelligence services to manipulate and exploit expatriate communities in Canada," CSIS said." to Intelligence OSINT Espionage on 25 June

17. Review: Terror On The Internet - "Terror on the Internet" usefully outlines the basic contours of his subject, giving a taste of Al Qaeda's Internet rhetoric and strategies, along with those of less well-known militant groups from Colombia to the Basque country to Chechnya." to InformationWarfare Cyberterrorism Terrorism PSYOPS on 25 June

18. Web of terror - "The suspects reportedly became radicalized through militant Web sites and received online advice from Younis Tsouli, the Britain-based Webmaster for Islamic extremist sites who called himself "Terrorist 007," before he was arrested late last year." to InformationWarfare Cyberterrorism Terrorism PSYOPS Web on 25 June Continue reading →

Travel Without Moving - Erasmus Bridge

Catching up with last week's Travel Without Moving shot, this one isn't intelligence of military related, but a marvelous engineering achievement, Erasmus Bridge -- perhaps the perfect moment to demonstrate my amateur photographer skills while tripping around. I will definitely share more shots from cons and life, the way I experience it, anytime now. And meanwhile, you can take a peek at the latest addition to the Eyeball Series, the North Korean Missile Launch Furor -- catching up with a conventional weaponry doctrine is anything else but a milestone.

Google Earth and Google Maps continue making the headlines as a "threat" to national security, where the key points remain the balancing of satellite reconnaissance capabilities between developed and developing nations, the freshness of the data, and it's quality. Sensitive locations can indeed be spotted, and then again, so what? And, with the launch of Geoportail.fr the French government aims at achieving transparency, rather than overhyping this common sense "insecurity". Continue reading →

No Other Place Like 127.0.0.1

Sincere apologies for the sudden disappearance, but thanks for the interest even though I haven't been active for the last week due to quality offline activities. No other place like 127.0.0.1, and the smell of an untouched by human hand, Cold War era postage stamps glue on my high value collections -- I do own several "stamp anomalies".

Collecting postage stamps is a challenging hobby for a teenager to have, mostly because of his usually low income, and this rather expensive hobby.The solution in my case back then, was bargaining while reselling ancient coins and purchasing postage stamps through the margins.While every collection has its story on how I acquired it, perhaps the most important thing I realized back then was that, if you don't respect something, sooner or later you're going to lose it to someone with a better attitude towards it.

Posting will resume shortly, a lot has happened for a week, and the only thing I pretend I'm not good at is wasting my time. As a matter of fact, I've got some very nice comments out of a presentation held at the University of Dresden, Germany, regarding my Future trends of malware research. Continue reading →

Web Application Email Harvesting Worm

This is a rare example of a web application vulnerability worm, targeting one of the most popular free email providers by harvesting emails within their 1GB mailboxes, and of course propagating further.

"Yahoo! on Monday has repaired a vulnerability in its email service that allowed a worm to harvest email addresses from a user accounts and further spread itself. The JS/Yamanner worm automatically executes when a user opens the message in the Yahoo Mail service. It uses JavaScript to exploit a flaw that until today was unpatched. Yahoo later on Monday fixed the vulnerability. "We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo! Mail customers, and requires no additional action on the part of the user," Yahoo! spokeswoman Kelley Podboy said in an emailed statement."

Web application worms have the potential to dominate the malware threatscape given the amount of traffic their platforms receive, my point is that even within a tiny timeframe like this, one could achieve speed and efficiency like we've only seen in single-packet worms.

In a previous post related to the "Current State of Web Application Worms", you can also find more comments and resources on the topic. Rather defensive, the content spoofing exploiting the trust between the parties that I mentioned is nothing compared to the automated harvesting in this case. As there's naturally active research done in Bluetooth honeypots, IM honeypots, ICQ honeypots, Google Hacking honeypots, it's about time to start seeding your spam trap emails within free email providers or social networking providers.

The stakes are too high not to be exploited in one way or another, I hope we'll some day get surprised by a top web property coming up with a fixed vulnerability on their own. Realizing the importance of their emerging position as attack vector for malware authors is yet another issue to keep in mind. And the best part about web services is their push patching approach, you're always running the latest version, so relaying on end users is totally out of the question.

Find out more details on the worm, and comments as well.

UPDATE: Rather active month when it comes web application malware events, another Data-Theft Worm Targets Google's Orkut. Continue reading →

Consolidation, or Startups Popping out Like Mushrooms?

If technology is the enabler, and the hot commodity these days, spammers will definitely twist the concept of targeted marketing, while taking advantage of them. Last week I've mentioned the concepts of VoIP, WiFi and Cell phone spam that are slowly starting to take place.

Gartner recently expressed a (pricey) opinion on the upcoming consolidation of spam vendors, while I feel they totally ignored the technological revolution of spamming to come -- IPSec is also said to be dead by 2008..

"The current glut of anti-spam vendors is about to end, analysts at Gartner said Wednesday. But enterprises shouldn’t stay on the sidelines until the shakeout is over. By the end of the year, Gartner predicted, the current roster of about 40 vendors in the enterprise anti-spam filtering market will shrink to fewer than 10. As consolidation accelerates and as anti-spam technology continues to rapidly change, most of today’s vendors will be "left by the wayside," said Maurene Caplan Grey, a research director with Gartner, and one of two analysts who authored a recently-released report on the state of the anti-spam market."

The consequence of cheap hardware, HR on demand, angel investors falling from the sky on daily basis, and acquiring vendor licensed IP, would result in start ups popping up like mushrooms to cover the newly developed market segments, and some will stick it long enough not to get acquired given they realize they poses a core competency.

Sensor networks, spam traps, bayesian filters, all are holding the front, while we've getting used to "an acceptable level of spam", not the lack of it. What's emerging for the time being is the next logical stage, that's localized spam on native languages, and believe it or not, its gets through the filters, and impacts productivity, the major problem posed by spam.

SiteAdvisor -- I feel I'm almost acting as an evangelist of the idea -- recently responded to Scandoo's concept, by wisely starting to take advantage of their growing database, and provide the feature in email clients while protecting against phishing attacks. End users wouldn't consider insecure search by default in order to change their googling habits, they trust Google more than they would trust an extension, and they'd rather have to worry about Google abusing their click stream, compared to anything else. Anti-Phishing toolbars are a buzz, and it's nice to see the way they're orbiting around it.

Be a mushroom, don't look for an umbrella from day one! Continue reading →

It's Getting Cloudy, and Delicious

For real. A brief summary of the instant links for the last two days :

01. Eight Indian Startups to Watch - "Some startups are offering unique solutions for India’s burgeoning domestic market, others are targeting global markets. Several are going after both. Red Herring has chosen a few below-the-radar young companies that we think are worth watching." - to Investing Technology India on june 10

02. 'Grand Theft Auto' Game Makers Settle With FTC - "A settlement has been reached with the companies behind the popular video game "Grand Theft Auto: San Andreas," Take-Two Interactive and subsidiary Rockstar Games, which were sued for deceptive practices over hidden sexual content in the game." - to Game Investing on june 10

03. Symbian dismisses smartphone security risk - "David Wood, executive vice president of research at Symbian, said on the Symbian website that smartphones only pose a security risk if companies ignore basic practical rules." - to Malware Symbian on june 10

04. AV management 2006 - "We have assembled a comprehensive range from the leading anti-virus products available in today’s market. During our testing, we began by checking the capacity of these respective offerings to cope with basic tasks." - to Security Malware AntiVirus on june 10

05. Zero-Day Exploits Abound at Legitimate Web Sites - "An exploit distribution network controlled by a single organization that was using a network of 40 Internet domains, each of which was linked to an average of 500 infected sites, for a total of roughly 20,000 Web pages forwarding the groups' attacks." - to 0day Vulnerabilities on june 10

06. Taiwan Faces Increasing Cyber Assaults - "A hacker managed to issue an e-mail attachment that contained a fake press release purportedly from the Military Spokesman’s Office describing a meeting between People’s First Party representatives and MND officials." - to InformationWarfare Cyberwarfare Taiwan China on june 10

07. Social- and Interactive-Television Applications Based on Real-Time Ambient-Audio Identification - "We showed how to sample the ambient sound emitted from a TV and automatically determine what is being watched from a small signature of the sound—all with complete privacy and minuscule effort." - to NewMedia Privacy Surveillance on june 10

08. The Evolution of In-Game Ads - "Marketed as a way to help game makers increase their bottom line or make specific titles more realistic, advertisers are continually searching for ways to reach new audiences—young males and beyond."- to Game Advertising ... on june 11

09. Risks of Keeping User Data Outweigh Benefits - "Large data troves are certain to become targets of hackers, identity thieves and unscrupulous insiders. As the raft of recent data breaches has shown, there are plenty of companies, organizations and government agencies that do a lousy job at securing data." - to Security on june 11

10. Protect Me, Protect My Data - "Companies that underestimate security threats to their records do so at their own peril. It can mean a loss of trust and of business." - to Security on june 11

11. Audit finds security weaknesses at NASA center - "The IG’s audit found other problems as well. System administrators also accessed a key server containing security information without adequate encryption and did not remove unnecessary services from the network." - to Security NASA on june 11

12. America's Most Stolen Vehicles - "The Cadillac Escalade had the highest theft claim rate overall, according to the HLDI, and was the most stolen SUV, according to the CCC 2004 stolen vehicle report." - to Security Theft on june 11

13. N Korea in 'US spy plane' warning - "North Korea says it will punish the US, after claiming it is conducting spying flights over its territorial waters." - to Intelligence Reconnaissance on june 11

14. McAfee SiteAdvisor to add site blocking, extend ratings beyond Web - "McAfee is planning enhancements to its recently acquired SiteAdvisor software that will allow the Web-rating application to block inappropriate Web sites, offer safety ratings for online transactions and rate Web links that appear in e-mail and IM windows. - to McAfee SiteAdvisor on june 11

15. Google and Ebay : The MBA Analysis - "In fact, as they researched the paper over the course of the year, the authors came to the conclusion that eBay had no choice but to ally with either Yahoo or Microsoft. Then the Journal reported as much, and the Yahoo/eBay deal went down." - to NewMedia Google Ebay on june 11 Continue reading →

Travel Without Moving - Georgi Markov's KGB Assassination Spot

In the spirit of the previous hot spot in the Travel Without Moving series, here's another one, this time Georgi Markov's KGB Assassination spot. Georgi Markov was killed in London, in 1978, using a tiny pellet fired from an umbrella containing 0.2 milligram dose of poison ricin.

You may also find this Time Out's briefing on London's espionage locations interesting. Continue reading →

Going Deeper Underground

IT Security Goes Nuclear, at least that's what they say.

"Venture capitalists are predicting a "business boom below ground" as blue-chip companies turn to nuclear bunkers built at the height of the Cold War in the battle to protect sensitive electronic data. The latest private equity investor to move in on the area is Foresight Venture Partners, which has just taken a 20 per cent stake in The Bunker Secure Hosting."

But no matter how deep underground you are, you would still be providing an Internet connection given you're a hosting company. That's an open network, compared to a closed one which is more easy to control -- thick walls wouldn't matter when it comes to connectivity and insiders. It's logical for any data to be stated as secure in that type of environment, but an authorized/unauthorized "someone"will want to use and abuse it for sure.

VCs often exagerate to develop a market sector they somehow envision as profitable in the long term, the real issue is that, while the idea is very marketable, you cannon base future trends on this fact only. They'd better invest in market segments such as portable security solutions, or risk management companies such as Vontu and Reconnex, which I covered in a previous post related to insiders abuse. Continue reading →

There You Go With Your Financial Performance Transparency

Truly amazing, and the inavitable consequence of communication retention in the financial sector, but I feel it's the magnitude that resulted in Enron's entire email communication achive that's seems available online right now.

"Search through more hundreds of thousands of email messages to and from 176 former Enron executives and employees from the power-trading operations in 2000-2002. For the first time, they are available to the public for free through the easy-to-use interface of the InBoxer Anti-Risk Appliance. Create a free account, and go to work. You can search for words, phrases, senders, recipients, and more."

The interesting part is how their ex-risk management provider is providing the data, in between fighting with the Monsters in Your Mailbox. Continue reading →

All Your Confidentiality Are Belong To Us

The proof that commercial and open source encryption has surpassed the technologies to police it, or the idea that privacy and business growth as top priorities would ruin the whole initiative?

"The Government has launched a public consultation into a draft code of practice for a controversial UK law that critics have said could alienate big business and IT professionals. Part III of the Regulation of Investigatory Powers Act 2000 (RIPA) will, as it stands, give police the authority to force organisations and individuals to disclose encryption keys. The Government issued the public consultation on the code of practice for Part III, which will regulate how police and the courts use powers under the legislation, on Wednesday."

It would be interesting to see how they would initiate the response from individuals, without raising the the eyebrows on the majority of civil liberties watch dogs out there and, of course, businessess. That's of course, assuming they use encryption at the first place. Could be much more "wiser" to take advantage of covert practices to obtain the necessary information, instead of "forcing" this measure -- detecting encrypted/covert communication channels is another topic. Moreover, compared to the Australian police whose capabilities of obtaining information on criminals include the use of spyware is a bit contraversial, but adaptave approach.

If national infrastructure security matters, have individuals and enterprises personally take care of their security and encryption keys, promote data encryption, instead of dictating the vibrations by slowing down the basics through such laws. Continue reading →

Brace Yourself - AOL to Enter Security Business

In the re-emergence of the Web, AOL got the attention it never imagined it would get, Microsoft and Google fighting for a share of its modest, but strategic amount of eyeballs. After being an exclusive part of Time Warner's balance sheet since its early acquisition, and with a $510M fine, dial-up business that was profitable by the time telecoms started offering cable connections, due to the years of infrastructure renovation, the though to be mature online advertising model is what saved it. Now, AOL is basically putting half its leg into the red hot security market and wisely playing it safe as :

"AOL plans to expand into security services with the release of the Active Security Monitor, expected on Thursday. The program would also check to make sure Internet Explorer is properly configured to prevent security holes. "ASM determines a security score for your PC, and for all other PCs in your home network, by evaluating the status of all the major components needed for a robust system: Anti-Virus software, Anti-Spyware software, Firewall protection, Wireless Security, Operating System, Web Browser, Back up software and PC Optimization."

After the scoring, I presume it would "phone back home" and let AOL know what end users are mostly missing, then a solution provided by AOL, or a licensee would follow. Benchmarking against AOL's understanding of application based security is tricky, and I bet you already know the programs necessary to establish common sense security on your PC/network. Who's next to enter the security industry besides Microsoft and AOL, perhaps DoubleClick?

CNET has naturally reviewed the Active Security Monitor. Continue reading →

An Over-performing Spammer

Th3 4r7 0f $3nd!ng spam messages is evolving like never before, and while spammers are still catching up with the newest technologies such as VoIP, WiFi, Cell phones -- newest at least in respect to spamming -- trying to avoid the now mature indystry's practices, and taking advantage of the growing economies and their newbie users as victims, is what keeps it going.

I simply couldn't resist not to share this, seems like this spammer is totally overperforming himself. How would I fell a victim into this, given I cannot read what I'm about to get scammed with?

Spammers today are in a world of pain when it comes to the industry's experience in detecting their messages, still, spam continues to represent the majority of email traffic worldwide, and it's getting more creative. Images, "marketing" messages that you can barely read, old psychological tricks, but still, out of couple of million messages, someone still takes it personal, and feels like making a deal online.

Why spamming works? Because of the ubiquity of email, because of the freely available, marketed as fresh, email lists, and at the bottom line, the price for a spammer to send couple of million emails is getting lower with botnets on demand becoming a commodity. End users, end up sending spam to themselves for being infected with malware. What's next? Spamming is still catching up with the technological posibilities, and Chinese telecom operators for instance happen to be the most experienced ones in filtering mobile phones spam -- guess they're also over-performing in between censorship. Continue reading →

Bedtime Reading - Rome Inc.

If the Baby Business helped you envision the future, "Rome Inc - The Rise and Fall of the First Multinational Corporation" is going to help you perceive the past within today's corporate culture -- and Stanley Bing makes good points on every stage of the empire.

Basically, the book emphasizes on the "first multinational corporation" Rome, selling the ultimate product of its time - citizenship. Moreover, it goes in-depth into the concept of moguls and anti-moguls, and how their tensions indeed create an enterpreneurial and corporate culture in 120 A.D.

Every industry has moguls and anti-moguls, the behind the curtain disruptors at a specific stage. What are some of the characteristics of a mogul?

- Commision their PR
- Exercise power when feeling endangered -- elephants against the mice warfare
- Indirectly control the media that's "winning points" for quotations, and "credible" content
- Generally, tend to believe in being the Sun, when the universe tends to have so many dwarfs, and dimensions altogether
- Hide behind C-level positions
- Talk more than actually listen
- When they sneeze the whole industry gets cold

Certain societies, if not all, get obsessed with superficially creating heroes, so profesionally that at a certain point, the "hero" cannot deny any of the praises, but starts living with them and the load that comes altogether. Get hold of this masterpiece, you're gonna love it! Continue reading →

Phantom Planes in the Skies

I can barely imagine the panic with a non-responding -- can it respond when it's not there? -- plane in the sky, at least by the time a visual confirmation reveals the truth. In the post 9/11 world, airports were among the first strategic targets to get the funding necessary to protect against the threats fabricated in a think-tank somewhere. Money are wasted in this very same fashion on a daily basis, with no clear ROI, just established social responsibility and common sense security. Disinformation can always happen in sky, as "Flaw may lead to air chaos". From the article :

"Hackers armed with little more than a laptop could conjure up phantom planes on the screens of Australia's air traffic controllers using new radar technology, warns Dick Smith. The prominent businessman and aviator claims to have found another serious security flaw in the new software being introduced into the air traffic control system. He has challenged Transport Minister Warren Truss to allow him to set up a demonstration of the problem at a test of the technology in Queensland to show how hackers could exploit the automatic dependent surveillance broadcasting (ASD-B) system to create false readings on an air traffic controller's screen. The air space activist says he was told of the flaw by US Federal Aviation Administration staff."

Compared to a speculation I described in a previous post "Why's that radar screen not blinking over there?", these practices are highly natural to ELINT planes/warfare, and in the capabilities of experienced staff members as pointed out in the article. Everything is buggy, and so is the ASD-B system for sure, but the problem from my point of view, is the possibility for a "talkative leakage", and the procedures, if any, to internally report bugs like these, and get them fixed of course.
Phantom Warhawk image courtesy of Les Patterson. Continue reading →

Where's my Fingerprint, Dude?

Personal data security breaches continue occurring, and with the trend towards evolving to a digital economy, it's inevitably going to get ever worse. In a recently revealed case "Lost IRS laptop stored employee fingerprints", from the article :

"A laptop computer containing fingerprints of Internal Revenue Service employees is missing, MSNBC.com has learned. The computer was lost during transit on an airline flight in the western United States, IRS spokesman Terry Lemon said. No taxpayer information was on the lost laptop, Lemon said. In all, the IRS believes the computer contained information on 291 employees and job applicants, including fingerprints, names, Social Security numbers, and dates of birth."

For the time being the largest accommodator of fingerprints in the world is the U.S.A, and this fact affects anyone that enters the U.S. My point is that, given the unregulated ways of classifying, storing, transfering and processing such type of information would result in its inavitable loss -- bad in-transfer security practices or plain simple negligence.

As we're also heading to a biometrics driven society, the impact of future data security breaches will go way beyond identity theft the way we know it -- lost and stolen voice patterns, DNAs, and iris snapshots would make the headlines. You might also be interested in knowing how close that type of "future scenario" really is given the modest genetic database of 3 million Americans already in existence.

Things are going to get very ugly, and it's not the privacy issue that bothers me, but the aggregation of such type of data at the first place, and who will get to steal it. It's perhaps the perfect market timing moment to start a portable security solution provider, or resell ones know-how under license, of course. Continue reading →

Skype as the Attack Vector

It's often hard to actually measure the risk exposure to a threat, given how overhyped certain market segments/products' insecurities get with the time. Gartner, and the rest of the popular marketing research agencies seem to be obsessed with Skype as the major threat to enterprises, while Skype isn't really bad news, compliance is, in respect to VoIP, P2P, IM and Email communications retention or monitoring. From the article :

"The most recent bug in Skype is another clue to enterprises that they should steer clear of the VoIP service, research firm Gartner recently warned. Two weeks ago, Skype patched a critical vulnerability that could let an attacker send a file to another user without his or her consent, and potentially obtain access to the recipient's computer and data. This vulnerability follows three in 2005 (two high-risk, one low-risk) and highlights the risk of not establishing and implementing an enterprise policy for Skype," wrote Gartner research director Lawrence Orans in an online research note. "Because the Skype client is a free download, most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks."

There's a slight chance an enterprise isn't already blocking Skype, using both, commercial and public methods wherever applicable. Moreover, it would be much more feasible to consider the fact that, if the enterprise -- assuming a U.S one -- isn't blocking the use of Skype, it must somehow monitor/retain its use in order to comply with standard regulations. Skype poses the following problems :

- inability for the enterprise to retain the IM and VoIP sessions in accordence with regulations
- wasted bandwidth costing loss productivity and direct cash outflows, slowdown for critical network functions
- covert channels possibilities

Several months ago, Skype was also discussed as a command'n'control application for botnets, while steganography based communications and plain-simple encrypted/stripped IRCd sessions remain rather popular. Malware authors are actively looking for ways to avoid IRC given the popularity it has gained and the experience botnet hunters have these days.

Skype is the last problem to worry about, as in this very same way the recent vulnerabilities in major market leading AVs would have had a higher risk exposure factor as there's a greater chance of occurrence of malware, than a Skype vulnerability. It's the vulnerabilities in software in principle you have to learn how to deal with, and third-party applications that somehow make it on your company's network.

More resources :
Skype Security Evaluation
Silver Needle in the Skype
Skype Security and Privacy Concerns
Impact of Skype on Telecom Service Providers Continue reading →

Travel Without Moving - KGB Lubyanka Headquarters

Yet another hot spot in this week's Travel Without Moving series - this time it's Lubyanka Square's KGB Headquarters. There are still lots of Cold War sentiments in the air among yesterday's and today's super powers and you just can't deny it. Today's FSB, the successor to the KGB, is taking a very serious approach towards counter-intelligence, and offensive scientific intelligence practices in a much more synergetic relationship with the academic world compared to years ago. While the CIA is undisputably the most popular foreign intelligence agency, and more of a front end to the NSA itself from my point of view, the KGB still remains reponsible for very important and "silent" moments in the world's history.There were moments in the very maturity of the Cold War, when both, the CIA, and the KGB were on purposely disinforming their operatives in order to keep them motivated and fuel the tensions even more, but compared to the CIA with its technological know-how, KGB's HUMINT capababilities didn't get surpassed by technologies. Among the key success factors for the intelligence agency was the centralized nature of the command of chain, total empowerment, common and obsessive goal, and clear enemy.

Today's trends mostly orbit around :

- information sharing, that is less complexity among different departments and agencies
- win-win information sharing among nations
- offensive and defensive CYBERINT, harnessing the power, or protecting against the threats posed by the digital era
- automated and efficient mass surveillance practices- eliminating "safe heavens"

In case you really want to go in-depth into what has happened during the last couple of decades, Vasilli Mitrohih's KGB Archives are worth reading. And the true-retro gamers can take the role of "Captain Maksim Mikahilovich Rukov, recently transferred to the Department P from the GRU after three years' duty to investigate possible corruption inside the KGB (after a former agent turned private eye was found murdered). However, as the plot progresses, Rukov finds himself investigating a party hardliner anti-perestroika plot that threatens the life of General Secretary Mikhail Gorbachev" while playing KGB - Conspiracy game. Continue reading →