Give it back!

February 24, 2006
According to a recent article "Secret program reclassifies documents" :

"Researcher Matthew Aid has discovered a secret reclassification program that has moved thousands of declassified pages out of the National Archives and Records Administration's facility in Maryland. Some groups, such as George Washington University's National Security Archive, are fighting to end the program, arguing that the government has no right to take back information it has published. The reclassification has been ongoing since 1999 as the Central Intelligence Agency, the Defense Intelligence Agency, and the Defense and Justice departments take back information they say had been inadvertently published. The National Security Archive describes some of the documents that have been reclassified as uninteresting and mundane."

And from The National Security Archive :

"Washington, D.C., February 21, 2006 - The CIA and other federal agencies have secretly reclassified over 55,000 pages of records taken from the open shelves at the National Archives and Records Administration (NARA), according to a report published today on the World Wide Web by the National Security Archive at George Washington University."

OSINT has come a long way since President Nixon's remark about the CIA, “What use are they? They’ve got over 40,000 people over there reading newspapers.” Secrecy, on the other hand, is a major weakness for a country's national security, in a very complex way. I feel that sometimes you need the average citizen's unbiased opinion on a major issue, but I guess I'm not into politics, just figuring out what is going on at the bottom line!

More on Secrecy, Intelligence, Misc :

Making Intelligence Accountable
Why Spy? The Uses and Misuses of Intelligence (1996)
Intelligence Analysis for Internet Security : Ideas, Barriers and Possibilities
U.S. Electronic Espionage : A Memoir
Terrorism prevention in Russia : one year after Beslan
Crypto Law Survey
Cryptome
Project on Government Secrecy
Shhh!!: Keeping Current on Government Secrecy

Master of the Infected Puppets

February 24, 2006
In some of my previous posts, "What are botnet herds up to?", "Skype to control Botnets", "The War against Botnets and DDoS attacks", and "Recent Malware Developments", I was actively providing resources and updating my blog readers (thanks for the tips and the info sharing, I mean it!) on one of the most relevant threats to the Internet (more trends and bureaucracy) - Botnets.

I recently came across a well-researched report giving a very in-depth overview and summary of important concepts related to Botnets. Recommended bedtime reading, and here's an excerpt :

"In this paper we begin the process of codifying the capabilities of malware by dissecting four widely-used Internet Relay Chat (IRC) botnet codebases. Each codebase is classified along seven key dimensions including botnet control mechanisms, host control mechanisms, propagation mechanisms, exploits, delivery mechanisms, obfuscation and deception mechanisms. Our study reveals the complexity of botnet software, and we discuss implications for defense strategies based on our analysis."

Some of the findings, which I also came across in my "Malware - future trends" research, that are worth mentioning :

- "The overall architecture and implementation of botnets is complex, and is evolving toward the use of common software engineering techniques such as modularity." Namely, no one is interested in reinventing the wheel, and the Simple Botnet/Malware Communication Protocol I once mentioned (I originally came across the concept here) could give the malware scene an impressive scale. But could it also put AV vendors and researchers in a favourable position, where exploiting weaknesses in the protocol becomes more beneficial than current approaches?

- "Shell encoding and packing mechanisms that can enable attacks to circumvent defensive systems are common. However, Agobot is the only botnet codebase that includes support for (limited) polymorphism"

Smart! Mainly because of the fact that "The malware delivery mechanisms used by botnets have implications for network intrusion detection and prevention signatures. In particular, NIDS/NIPS benefit from knowledge of commonly used shell codes and ability to perform simple decoding. If the separation of exploit and delivery becomes more widely adopted in bot code (as we anticipate it will), it suggests that NIDS could benefit greatly by incorporating rules that can detect follow-up connection attempts."
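
The "follow-up connection" rule the excerpt recommends is easy to sketch as a correlation over two log sources: an inbound exploit alert against a host, followed shortly by that same host opening an outbound connection to an external address (the delivery stage fetching the actual bot binary, or connecting straight back to the attacker). The script below is an added example, not code from the paper or from this blog. The alert and connection log formats, the IP addresses, the monitored network prefix and the 60-second window are all constructed for the illustration; a real deployment would read these from the NIDS and flow logs in use.

```python
"""Correlate inbound exploit alerts with follow-up outbound connections.

Added example (not from the paper or the blog). Two constructed log
sources are parsed and joined: a NIDS alert saying host V was hit by an
exploit, and connection records showing what V did next. A hit is an
outbound connection from V to an external address within WINDOW seconds
of the alert, which is the separated exploit-then-delivery pattern the
paper anticipates.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

INTERNAL_PREFIX = "192.0.2."   # constructed: the monitored network
WINDOW_SECONDS = 60            # assumption: how long we watch a victim after an alert

# Constructed sample NIDS alert lines (hypothetical format):
#   <ISO time> ALERT <signature> src=<attacker ip> dst=<victim ip>:<port>
ALERTS = """\
2006-02-24T10:00:00 ALERT SHELLCODE_NOOP_SLED src=203.0.113.7 dst=192.0.2.10:445
2006-02-24T10:05:00 ALERT SHELLCODE_NOOP_SLED src=203.0.113.7 dst=192.0.2.11:445
"""

# Constructed sample connection-log lines (hypothetical format):
#   <ISO time> CONN <src ip>:<port> -> <dst ip>:<port>
# Line 1: victim connects back to the attacker 4 s after the alert (hit).
# Line 2: victim talks to an internal DNS server (ignored as internal).
# Line 3: second victim fetches something 15 min later (outside the window).
CONNS = """\
2006-02-24T10:00:04 CONN 192.0.2.10:1041 -> 203.0.113.7:8080
2006-02-24T10:00:30 CONN 192.0.2.10:1042 -> 192.0.2.53:53
2006-02-24T10:20:00 CONN 192.0.2.11:1100 -> 198.51.100.5:80
"""

ALERT_RE = re.compile(r"^(\S+) ALERT (\S+) src=(\S+) dst=(\S+):(\d+)$")
CONN_RE = re.compile(r"^(\S+) CONN (\S+):(\d+) -> (\S+):(\d+)$")


@dataclass
class Alert:
    time: datetime
    signature: str
    attacker: str
    victim: str
    port: int


@dataclass
class Conn:
    time: datetime
    src: str
    dst: str
    dport: int


def parse_alerts(text):
    """Parse alert lines; malformed lines are skipped rather than trusted."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            t, sig, src, dst, port = m.groups()
            alerts.append(Alert(datetime.fromisoformat(t), sig, src, dst, int(port)))
    return alerts


def parse_conns(text):
    """Parse connection records (source port is parsed but not needed)."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            t, src, _sport, dst, dport = m.groups()
            conns.append(Conn(datetime.fromisoformat(t), src, dst, int(dport)))
    return conns


def is_internal(ip):
    """Constructed policy: anything in the monitored prefix is internal."""
    return ip.startswith(INTERNAL_PREFIX)


def follow_up_connections(alerts, conns, window_seconds=WINDOW_SECONDS):
    """Return one record per outbound external connection a victim opened
    within `window_seconds` after being hit. `connect_back` marks the case
    where the victim reached back to the very address that attacked it."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for a in alerts:
        for c in conns:
            if c.src != a.victim or is_internal(c.dst):
                continue
            delay = c.time - a.time
            if timedelta(0) <= delay <= window:
                hits.append({
                    "signature": a.signature,
                    "victim": a.victim,
                    "dst": f"{c.dst}:{c.dport}",
                    "delay_s": int(delay.total_seconds()),
                    "connect_back": c.dst == a.attacker,
                })
    return hits


def analyse(alert_text=ALERTS, conn_text=CONNS, window_seconds=WINDOW_SECONDS):
    """Run the whole pipeline over the embedded sample logs."""
    return follow_up_connections(parse_alerts(alert_text), parse_conns(conn_text),
                                 window_seconds)


if __name__ == "__main__":
    for hit in analyse():
        print(hit)
```

With the default 60-second window only the first victim is flagged (it connected back to the attacking address four seconds after the alert); widening the window to 30 minutes also catches the second victim's later download. The window is the tuning knob the paper's remark implies: too short and slow delivery stages slip through, too long and ordinary browsing after a false-positive alert gets flagged.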



- "All botnets include a variety of sophisticated mechanisms for avoiding detection (e.g., by anti-virus software) once installed on a host system."

From my point of view, retaining existing zombies, rather than acquiring new ones, would tend to dominate. Patching the hosts themselves, hiding the bot's presence, concealing the otherwise easy-to-detect presence of idle zombies, TCP obfuscation, and tests for debuggers are among the methods currently used.

Botnets will continue to dominate due to their concept and potential for growth, and while monitoring and active research are still feasible, encrypted communications, as the logical next development, should also be researched as a concept. But how many *public* IRC servers, if such are used at all, support SSL encryption?

Chinese Internet Censorship efforts and the outbreak

February 24, 2006
In some of my January Security Streams I blogged extensively, expressing my point of view on current Internet censorship activities, and tried to focus on the country whose Internet population is about to outpace the U.S. one - China. In my posts "China - the biggest black spot on the Internet’s map", "2006 = 1984?", and "Twisted Reality", you can quickly catch up on some of the recent developments related to the topic, but what has changed since then?

Government bodies such as the DoJ seem to covet the amount of data the most popular and advanced search engine, Google, holds, and tried to obtain information for the purpose of "social responsibility". Also worth considering are some of the weak statements made, namely :

"House Government Reform Committee Chairman Tom Davis (R-VA) has criticized Google for refusing to hand search records over to the US Justice Department while cooperating with China in censoring certain topics. Justice sought the records to bolster its case against a challenge to online anti-pornography laws, but Google refuses to submit the records on privacy grounds. Davis does not expect a standoff between Google and the government, but hopes an agreement can be reached, allowing Google to supply the records without frightening users that their searches may be examined."

and, in case you're interested, some of my comments :

"Is it just me, or must that be sort of black-humour political blackmail given the situation?! First, and most of all, the idea of using search engines to bolster the online anti-pornography laws created enough debate for years of commentaries and news stories, and was wrong from the very beginning. Even if Google provides the data requested it doesn’t necessarily solve the problem, so instead of blowing the whistle without any point, sample the top 100 portals and see how they enforce these policies, if they do. As far as China is concerned, or actually used as a point of discussion, remember the difference between modern communism and democracy as a concept; the first is an excuse for the second. Still, I feel it’s one thing to censor, another to report actual activity to law enforcement. I feel alternative methods should be used, and porn “to go” is a more realistic threat to minors than the Net is, to a certain extent, yet the Net remains the king of content as always."

Google indeed issued a statement, sort of excusing the censorship with the claim that "the time has come to open ourselves to the Chinese market", and while their intentions make business sense, the outbreak had very positive consequences from my point of view - it built more awareness and put the world's eyes on the Chinese enforcement of censorship practices. But is it just China to blame, given that "Western" countries censor as well, or is it China's huge ambition of maintaining modern communism in the 21st century that seems to be the root of the problem?

In an article I read some time ago, "A day in the life of a Chinese Internet Police Officer", you can clearly see the motivation, but also come across the facts themselves : you cannot easily censor such a huge Internet population. Instead, guidance rather than blocking, and self-regulation (that is, limiting yourself out of fear of prosecution) seem to be the current practice, besides jailing journalists! And while sometimes you really need to come up with a creative topic worth writing about, free speech is among the most important human rights at the bottom line.

Chris Smith, Chairman of the House subcommittee that oversees Global Human Rights, proposed a discussion draft, "The Global Online Freedom Act of 2006", "to promote freedom of expression on the internet [and] to protect United States businesses from coercion to participate in repression by authoritarian foreign governments". It is so "surprising" to find out that they are so interested in locating cyber-dissidents : "U.S. search engine providers must transparently share with the U.S. Office of Global Internet freedom details of terms or parameters submitted by Internet-restricting countries.", exactly as I described in my previous "Anonymity or Privacy on the Internet?" post.

Meanwhile, the OpenNetInitiative also released a bulletin analyzing China's non-commercial website registration regulation, giving even further details on the recent "you're being watched" culture that tries to enforce self-regulation cost-effectively :

"In a report published last year, “Internet Filtering in China: 2004-2005,” ONI shared its research findings that China’s filtering regime is the most extensive, technologically sophisticated, and broad-reaching Internet filtering system in the world. This new regulation does not rely on sophisticated filtering technology, but uses the threat of surveillance and legal sanction to pressure bloggers and website owners into self-censorship. While savvy website owners might thwart the registration requirement with relative ease, the regulation puts the vast majority of Chinese Internet users on notice that their online behaviour is being monitored and adds another layer of control to China’s already expansive and successful Internet filtering regime."

Another recent study I came across is a university survey which finds that "60% Oppose Search Engines Storing Search Behaviours"; you can also consider the "alternatives" if you're interested :) A lot is yet to happen for sure, but it is my opinion that personalized search is the worst privacy time bomb a leading search engine could be responsible for, alongside open-ended data retention policies and not communicating an event such as the DoJ's request but complying with it right away - bad Yahoo!, bad MSN!

At the bottom line, Google's notifications of censored content (as of March 2005 only, excluding the period before!), the general public's common sense in easily evaluating what's blocked and what isn't, and the powerful digital rights organizations that simultaneously increased their efforts to gain the maximum out of the momentum seem to have done a great job of building awareness of the problem. Still, having to live with the booming wannabe "free market" Chinese economy, and the country's steadily climbing position as a major economic partner, economic sanctions, quotas, or real-life scenarios would remain science fiction.

DVD of the weekend - The Lone Gunmen

February 17, 2006
The Lone Gunmen on two double-sided discs, pure classic! In one of my chats with Roman Polesek, from Hakin9, he was wise enough to state that you cannot be a prophet in your own industry - a simple but powerful statement you should take into consideration.

Initiatives such as The Lone Gunmen, the X-Files, and The Outer Limits have already proven useful, provided someone listens! For instance :

"In a foreshadowing of the September 11, 2001 attacks, subsequent conspiracy theories, and the 2003 invasion of Iraq, the plot of the March 4, 2001 pilot episode of the series depicts a secret U.S. government agency plotting to crash a Boeing 727 into the World Trade Center via remote control for the purpose of increasing the military defence budget and blaming the attack on foreign "tin-pot dictators" who are "begging to be smart-bombed." This episode aired in Australia less than two weeks before the 9/11 attacks, on August 30."

Conspiracy theorists do have a lot to say, so don't ignore them, find the balance, and enjoy the series :)

You can also browse through some transcripts as well.