If you could only eradicate the radicalization of immature islamic youth over the Internet with the push of a button. Great surgical shot!
Continue reading →
Continue reading →
Every breath you take, every move you make, I'll be watching you. Used to be a great song, but has a disturbing context these days. Nino Leitner's EveryStepYouTake documentary on the state of surveillance in the U.K will premier this month, and I suspect the full version will be made available for the world to see too :"Trying to answer questions like these, Nino Leitner’s one-hour documentary “EVERY STEP YOU TAKE” digs deep into an entirely British phenomenon: nation-wide video surveillance. It features formal interviews with the surveillance researcher Professor Clive Norris, Deputy Chief Constable Andy Trotter from the British Transport Police, a representative of Britain’s largest civil rights group Liberty, a CCTV manager from a public local CCTV scheme, experts in the field of transport policing and many more. The surveillance reality in Britain is compared with another member of the E.U., Austria. Compared to the UK, it can be seen as a developing country in terms of CCTV, but just as elsewhere all over the world, politicians are eager to extend the surveillance gaze."
Here's an animation to help you explain what surveillance means to your cat, another one fully loaded with attitude, and let's not exclude the big picture.
Related posts:
London's Police Experimenting with Head-Mounted Surveillance Cameras
Head Mounted Surveillance System
Eyes in London's Sky - Surveillance Poster
External links
Continue reading →
Nitin Kumar and Vipin Kumar are about to present the Vbootkit at the upcoming Blackhat and HITB cons :"We have been recently researching on Vista. Meanwhile, our research for fun lead us to some important findings. Vista is still vulnerable to unsigned code execution.vbootkit is the name we have chosen ( V stands for Vista and boot kit is just a termed coined which is a kit which lets you doctor boot process).vbootkit concept presents how to insert arbitrary code into RC1 and RC2, thus effectively bypassing the famous Vista policy for allowing only digitally signed code to be loaded into kernel. The presented attack works using the custom boot sectors.Custom boot sector are modified boot sectors which hook booting process of the system & thus, gains control of the system. Meanwhile, the OS continues to boot and goes on with normal execution."
Vulnerabilities are an inevitable commodity, they will always appear and instead of counting them on an OS or software basis, consider a vendor's response time while following the life of the security threat. I never actually liked the idea of an insecure OS, to me there're well configured and badly configured OSs in respect to security, but then again if you're a monocultural target the way Microsoft is, you'll always be in the zero day spotlight. A security breach will sooner or later hit your organization, don't talk, act and pretend you're 100% secure because you cannot be. Instead a little bit of proactive measures balanced with contingency planning to minimize the impact is what should get a high priority in your strategy. Here's a related post.
Cartoon courtesy of Userfriendly.org Continue reading →
Enterprise 2.0 is slowly gaining grounds and you cannot deny it despite top management's neutral position on yet another major "Reengineering of the Corporation". Supply chain management was perhaps among the first departments to really utilize the power of real-time information, and interoperable data standarts -- a mashup-ed ecosystem -- but improving your employees productivity through Web 2.0 tools such as intranet blogs and wikis remains just as unpopular as actual Fortune 500 companies blogging? But how come? Lack of evangelists? Not at all. There's one minor obstacle, you cannot teach an old dog new tricks, unless of course you dedicate extra investments into training him, which is exactly what I feel is happening at the corporate stage - everyone's patiently waiting for the concepts to mature before training and implementation happen for real. What's the current attitude towards external Web 2.0 activities? A Fortune 500 blogosphere isn't emerging as fast as the mainstream one is according to the Fortune 500 Business Blogging Wiki :"a directory of Fortune 500 companies that have business blogs, defined as: active public blogs by company employees about the company and/or its products. According to our research, 40 (8%) of the Fortune 500 are blogging as of 10/05/06. The navigation sidebar to the right lists all the Fortune 500 companies. The list below are the ones that we've found so far that have public blogs as defined above. Please help us by entering data on those we've missed. ONLY Fortune 500 companies, please. If you're not sure if it's on the F500 list (it includes US companies only), check the sidebar. If it's not there, consider adding it to the Global 1,000 Business Blogging page instead."
I think the main reason behind this are the inevitable channel conflicts that will arise from let's say Pfizer's blogging compared to using the services of their traditional advertising and PR agencies -- I also imagine a links density analysis of their blog indicating the highest % of links pointing to Erowid.org. But ask yourself the following, what if these very same agencies start offering bloggers-for-hire in their portfolio of services, would the big guys get interested then? Or when will they start understanding the ROI of blogging? Continue reading →
Courtesy of WatchGuard part three of their malware analysis series walks you through various commercial and free utilities for detecting and removing rootkits :
"In this episode, Corey and his Magic White Board show how kernel mode rootkits work. Also covered: recommended tools and techniques for detecting and removing rootkits."
Continue reading →
"In this episode, Corey and his Magic White Board show how kernel mode rootkits work. Also covered: recommended tools and techniques for detecting and removing rootkits."
Continue reading →
I wonder what are the low lifes actually protecting themselves from? Malware attacks in principle, or preparing to prevent a malware infection courtesy of an unamed law enforcement agency given their interest in coding malware :"German police officials have expressed interest in developing software tools to help them surveil computer users who may be involved in crime. The tools might include types of software similar to those used in online fraud and theft schemes, such as programs that record keystrokes, logins and passwords. Security companies, however, are asserting that they wouldn't make exceptions to their software to accommodate, for example, Trojan horse programs planted by law enforcement on users' computers."
This is a very contradictive development that deserves to be much more actively debated around the industry than it is for the time being. Law enforcement agensies and intelligence agencies have always been interested in zero day vulnerabilities and firmware infections, thus gaining a competitive advantage in the silent war. Among the most famous speculations of an intelligence agency using malicious code for offensive purposes is the infamous CIA infection/logicbomb of Russian gas pipeline :
"While there were no physical casualties from the pipeline explosion, there was significant damage to the Soviet economy. Its ultimate bankruptcy, not a bloody battle or nuclear exchange, is what brought the Cold War to an end. In time the Soviets came to understand that they had been stealing bogus technology, but now what were they to do? By implication, every cell of the Soviet leviathan might be infected. They had no way of knowing which equipment was sound, which was bogus. All was suspect, which was the intended endgame for the operation. The faulty software was slipped to the Russians after an agent recruited by the French and dubbed "Farewell" provided a shopping list of Soviet priorities, which focused on stealing Western technology."
Excluding the spy thriller motives, nothing's impossible the impossible just takes a little while, and the same goes for SCADA devices vulnerabilities and on purposely shipping buggy software. Anti virus vendors will get even more pressure trying to protect their customers from not only the malware released by malware authors, but also from the one courtesy of law enforcement agencies. Cyber warfare is here to stay, no doubt about it, but using malware to monitor suspects will perhaps prompt them to keep an eye on the last time their AV software got updated, and still keep pushing the update button in between. Continue reading →
A spammer's biggest trade off - making it through anti-spam filters doesn't mean the email receipt will even get the slightest chance of understanding what he's about to get scammed with."We have seen SPAM using ASCII ART in order to avoid being detected by antispam filters. Most of the times, they try to show different words (Viagra, etc.) using this technique, but this is the first time I have seen them showing a picture. It is not a very high quality one, but I’ve tried it with some different antispam filters and they have been fooled."
Here's an old school ASCII generator you can play around with, and a related image from a previous post on overperforming spammers. Continue reading →
Symantec (SYMC) just released their latest Internet Security Threat Report, a 104 pages of rich on graphs observations, according to the data streaming from their sensor network :"Volume XI includes a new category: “Underground Economy Servers”. These are used by criminals and criminal organizations to sell stolen information, including government-issued identity numbers, credit cards, bank cards and personal identification numbers (PINs), user accounts, and email address lists. To reduce facilitating identity theft, organizations should take steps to protect data stored on or transmitted over their computers. It is critical to develop and implement encryption to ensure that any sensitive data is protected from unauthorized access."
In between their coverage on various segments such as vulnerabilities, phishing, spam, and yes malware despite that I'm having my doubts on SMTP as the major propagation vector on a worldwide scale, I came across to a nice figure summarizing their encouterings while browsing around various forums and web sites.
The question is - why are these underground goods cheaper than a Kids' menu at McDonalds as I've once pointed out at O'Reilly's Radar post on spamonomics? Because in 2007 we can easily speak of "malicious economies of scale" thus, profit margin gains despite the ongoing zero day vulnerabilities cash bubble at certain forums, doesn't seem to be that very important. So can we therefore conclude that greed isn't the ultimate driving force, but trying to get rid of the stolen information in the fastest way possible in between taking into consideration its dissapearing exclusiveness with each and every minute? The principle goes that a dollar earned today is worth more than a dollar earned tomorrow, but how come? Simple, by tomorrow the exclusiveness of your goods might by just gone, because the affected parties detected the leaks and took actions to prevent the damage.
Issues to keep in mind regarding the graph:
- Harvested spam databases have been circulating around for years and so turned into a commodity, for instance, I often come across geographically segmented databases or per email provider segmented ones, not for sale, but for free. So how come the "good" is offered for free? It's obviously fine for the "good" to be offered for free when there's a charge for service, the service of verifying the validity of the emails, the service of encoding the message in a way to bypass anti spam filters, and the service of actually sending the messages
- Where's the deal of a malicious party when selling an online banking account with a $9,900 balance for just $300? For me, it's a simple process of risk-forwarding to a party that is actually capable of getting hold of the cash
- Yahoo and Hotmail email cookies per piece? Next it will be an infected party's clickstream for sale, and you'll have the malicious parties competing with major ISPs who are obviously selling yours for the time being.
- Compromised computers per piece? Not exactly. Entire botnets or the utilization of the possible services offered on demand for a price that's slightly a bit higher than the one pointed out here.
Psychological imagation is just as important as playing a devil's advocate to come up with scenario building tactics in order to protect your customers and yourself from tomorrow's threats.
Related images:
- surveying potential buyers of zero day vulnerabilities in order to apply marginal thinking in their proposition
- advertisement for selling zero day vulnerabilities
- listing of available exploits
- zero day vulnerabilities shop, I'm certain it's a PHP module that's currently hosted somewhere else
- the WebAttacker toolkit
- The RootLauncher
- The Nuclear Grabber and geolocated infections-- site dissapeared already
Continue reading →
And hey, that's from someone attending the Microsoft MVP for N-th time :"I was invited to attend the Microsoft MVP Summit last week. If you want to know what the Summit is about or what a MS MVP is, Google is your friend."
Microsoft's MVP is a great corporate citizenship tool, whereas empowering and crediting the individual on a wide scale compared to internal reputation benchmarking is an indirect use of the "act as an owner" management tactic -- implement it. Supporting existing standarts -- look up interoperability -- benefits us all, reinventing the wheel without an unique vision besides ever increasing (projected) profit margins, wouldn't even benefit the company in the long term.
If you truly want to disrupt, disrupt by first (legally) taking the advantage of using someone else's already developed foundations to do so, the rest is attitude and hard to immitate competitive advantages. Good brainstorming questions in Anil's post whatsoever. Continue reading →
In a previous post I commented on O'Reilly.com's war on spam according to their statistics, and thought you might find the most recent TechCrunch blog spam stats they've recently provided, informative as well :"On January 4 we reported that the Akismet filter had stopped a million spam comments from reaching TechCrunch. At that point we’d been using it for about nine months. The number of blocked spam comments is now two million, just ten weeks later. That works out to about 15,000 spam comments hitting TechCrunch every day. If we did not have Akismet, we couldn’t allow anonymous commenting here on TechCrunch. We used to go through all spam comments to pick out the occasional false positive and accept it. Now, there are just too many to go through. All comments marked by Akismet as spam get deleted almost immediately."
I turned blog comments off quite a while ago and to be honest, the best comments, recommendations and tips, as well as people I've met through this blog, I received over email and backlinks. Keep 'em coming! Moreover, it's not just the inability of service providers to keep up with the aggresive generation of splogs, but malicious parties are already exploiting some of the fancy features that make blogs so flexible when it comes to personalization and social networking. Next time Fortinet will come up with another advisory, this time discussing MySpace so consider it as a cyclical shift from one provider to another depending on the current defenses in place -- blackhat SEO. Continue reading →
Some stats try to emphasize on the number of people affected while forgetting the key points I outlined in a previous post related to why we cannot measure the real cost of cybercrime, and yes, duplicates among the affected people in any of the statistics available. The number of people affected will continue to rise, but that's not important, what's important is to identify the weakest link in this process, and for the time being, you're a "data hostage" in order to enjoy your modern lifestyle -- ever asked yourself what's gonna happen with your digital data after you're gone?Spreadsheet nerds, here's something worth taking the time to around with, most importantly this huge dataset debunks the common myth of hackers taking the credit for the majority of personal data security breaches, whereas as you can see in the figures, on the majority of occasions -- and it's an ongoing trend -- companies themselves should get into the spotlight :
"On average, in 2005 personal records were compromised at a rate of 5.2 million a month. On average, in 2005 personal records were compromised at a rate of 5.8 million a month. Assuming a similar rate of growth, by November or December this year we we should cross the 2.0 billion mark. This is a conservative estimate because many of the news stories we archived were conservative on their own estimates of how many records were lost in particular incidents, and because a small number of incidents are reported without details of how many personal records were compromised.
View figures and tables of this paper as a *.pdf. View pre-publication draft of paper as a *.pdf. View dataset of incidents as a *.xls. View University of Washington Press office news release on this research."
Graphic presenting the risk of identity theft in the U.S only, based on the severity of data breaches, courtesy of the Danny Dougherty.
The folks at Security-Database.com -- who by the way expressed their excitement over my blog -- just released an outstanding mind mapping graph on the most common firefox security extensions used for various purposes starting from information gathering, and going up to data tampering :"FireCAT is based upon a paper we wrote some weeks before (Turning firefox to an ethical hacking platform) and downloaded more than 25 000 times. We also thank all folks that encouraged us and sent their suggestions and ideas to make this project a reality. This initial release is presented as a mindmap and we are open to all your suggestions to make it a really good framework for all the community of security auditors and ethical hackers. We will make a special page for this framework soon to let you monitor this activity."
Great idea, reminds of Ollie Whitehouse's excellent mind mapping of mobile device threats. The semantics of security when applied in a visualized manner have the potential to limit the "yet another malware variant in the wild" type of news articles, or hopefully help the mainstream media break out of the "echo chamber" and re-publishing myopia, thus covering the basics.Anyway, which is the most useful tool you'll ever encounter? It's called experience. Which is the most important threat to keep an eye on? It's your inability of not knowing what's going on at a particular moment, lack of situational awareness. Continue reading →
Continuing the coverage on the U.S government's overall paranoia of using outsourced software on DoD computers, even hardware -- firmware infections are still in a spy's arsenal only -- in a recent move by the Defense CIO office a tiger team has been officially assigned to audit the software and look for potential backdoors :"The Pentagon is fielding a task force charged with testing software developed overseas, according to a Defense Department official. The “tiger team,” organized within the Defense CIO’s office, is ready to move to the implementation stage, said Kristen Baldwin, deputy director for software engineering and systems assurance in the Office of the Undersecretary of Defense for Acquisition, Technology, and Logistics. Baldwin spoke yesterday at the DHS-DOD Software Assurance Forum in Fairfax, Va. “Tiger team” is a software-industry term for a group that conducts penetration testing to assess software security. “Success means they understand where their focus needs to be and how to prioritize their efforts,” Baldwin said. “They understand the supply-chain impact on systems engineering, and are ready to move forward in an effort to mitigate assurance risk.”"
There's another perspective you should keep in mind. Looking for backdoors is shortsighted, as the software may come vulnerabilities-ready, so prioritizing whether it's vulnerabilities or actualy backdoors to look for will prove tricky. The use of automated source code auditing may prove valuable as well, but taking into consideration the big picture, if you were to track the vulnerabilities that could act as backdoors in U.S coded software -- taking Windows for instance -- compared to that of foreign software, you'll end up with rather predictable results.
The bottom line, does shipping an insecure software has to do with source code vulnerabilities, or should the threat be perceived in relation to backdoor-shipped software? The true ghost in the shell however remain the yet undiscovered vulnerabilities in the software acting as vectors for installing backdoors, not the softwared itself shipped backdoor-ready. Meanwhile, are stories like these a violation of OPSEC by themselves? I think they are. Continue reading →
Iran's a rising star these days. It's not just that the country recently launched it's first missile into space despite efforts of the international community to ban its nuclear program, got caught into obtaining sensitive military technology, is currently helping the enemies(Hezbollah) of its enemies(the U.S) but also, have Russia enriching their uranium in between legally supplying them with technology and upgrade parts the U.S put an embargo on -- business as usual. Here's a very in-depth and informative timeline of Iran's entire nuclear program saga :"The Bush Administration has almost certainly not approved the timing of military operations against Iran, and consequently any projection of the probable timing of such operations is neccessarily speculative. The election of Mahmoud Ahmadi-Nejad as Iran's new president would appear to preclude a negotiated resolution of Iran's nuclear program. The success of strikes against Iran's WMD facilities requires both tactical and strategic surprise, so there will not be the sort of public rhetorical buildup in the weeks preceeding hostilities, of the sort that preceeded the invasion of Iraq. To the contrary, the Bush Administration will do everything within its power to deceive Iran's leaders into believing that military action is not imminent."
Here's another timeline, this time of U.S-Iran contracts from 1979 until today. Continue reading →
I thought I've seen the best close-ups from Google Maps in the top 10 naked people on Google Earth, but this screenshot is spooky as the guy is even looking straight into the sky which makes it even more interesting catch. It proves ones thing, Google are capable of providing high-res satellite imagery, which they aren't on a mass scale for the time being. Shall we speculate on the possible reasons why is this guy looking above, remotely controlled aerial surveillance device, but what's the relation with Google Maps whatsoever? More at Google Blogoscoped, as well as in previous posts related to the topic.
Continue reading →
Visualization in military brienfings and intelligence gathering has been a daily lifestyle of analysts for years, but combining visualization and touchscreens makes it the perfect combination to boost productivity. We're very near to entering the stage where VR will not only save lifes in a war zone, but also allow a skilled and hard to replace warrior to operate a device while enjoying his Coke back home. Great demonstration. Via Defensetech.Go through related posts on visualization and its future impact on information security and intelligence as well. Continue reading →
Outstanding animation covering pretty much all of the current engagement points in case a missile is fired from anywhere across the world, total syncronization between air, land and naval force, and I must say the background music is excellent too.
In a previous post, Who Needs Nuclear Weapons Anymore? I provided my reflection on the overal shift of threats nowadays compared to the ones back in the Cold War days you may informative, as well as an essay I wrote back in 1998. Cryptome's Eyeballing of Missile Defense is also worth going through. Continue reading →
In a previous post, Who Needs Nuclear Weapons Anymore? I provided my reflection on the overal shift of threats nowadays compared to the ones back in the Cold War days you may informative, as well as an essay I wrote back in 1998. Cryptome's Eyeballing of Missile Defense is also worth going through. Continue reading →
Nice slideshow courtesy of eWeek providing various screenshots related to Vladuz's impersonation attacks on Ebay :"And whether or not Vladuz is responsible for writing a tool to automatically skim eBay customers accounts and thus cause sharp spikes in bogus listings being taken down and relisted multiple times a day, he or she has the mythic reputation at this point to be credited as the cause."
Compared to diversifying its targets, permanently sticking to Ebay as the main target is already prompting the Web icon to put more efforts into tracking him down. Last year for instance, automated bots exploited Ebay's CAPTCHA and started self-recommending each other, but with Vladuz's Ebay CAPTCHA Populator, improving the quality of Ebay's authentication process should get a higher priority than tracking him down as another such tool will follow from someone else out there. Continue reading →
It's not just a stereotyped beauty model, advanced image editing tools and techniques can make you believe in, but they can also influence your understand of reality too as you can see in Wired's famous altered photos collection :"A picture is worth a thousand words, and Photoshop and similar tools have made it easier than ever to make those words fib. But while computers enable easier and better photo manipulation, it is hardly a new phenomenon. Here is a sampling of some of the more famous altered photographs from the last century."
Here's a free service letting you fake photos. Here's another one as well as a variant of mine in relation to a previous post. Continue reading →
Keyloggers on demand, the so called zero day keyloggers ones created especially to be used in targeted attacks are something rather common these days. Among the many popular ones that remained in service and has been updated for over an year is The Rat! Keylogger. Here are some prices in virtual WMZ money concerning all of its versions :The Rat! 7.0XP - 29 WMZ
The Rat! 6.0XP/6.1 - 22 WMZ
The Rat! 5.8XP - 15 WMZ
The Rat! 5.5XP - 13 WMZ
The Rat! 5.0XP - 9 WMZ
The Rat! 4.0XP - 8 WMZ
The Rat! 3.xx - 7 WMZ
The Rat! 2.xx - 6 WMZ
An automated translation of its features :For the installation to the machines with the operating systems Windows xp, Windows 2000 and on their basis. Finale - apotheosis! Let us recall again, for which we love our rodent:
- the size of file- result is record small - 13 312 bytes in the nezapakovannom form (with the packing with use FSG, 6 793 bytes!).
- not it detektitsya as virus by antiviryami.
- it follows the buffer of exchange.
- the system of invisibility and circuit of fayervola.
- the fixation of pressure you klavish' in the password windows and the console.
- the sending of lairs on e-mail, with the support to autentifikatsii RFC - 2554.
- the encoding of dump.
- tuning the time of activation and time of stoppage
- removal in the time indicated without it is trace and reloading.
Digital fingerprints will follow as soon as I finish bruteforcing the password protected archives. Continue reading →
Subscribe to:
Comments (Atom)
RSS Feed