Monday, March 06, 2006

February's Security Streams

It's about time I summarized all of my February Security Streams; you can of course go through my January Security Streams as well, in case you're interested in what was inspiring me to blog during January. The truth is, it's you, the 4,477 unique and 580 returning visitors during the entire month of February, and as this blog is melting down due to its audience and content, thanks for your time! As a matter of fact, it's been a while since I last participated in students' theses, but who knows these days :)



1. "Suri Pluma - a satellite image processing tool and visualizer", a great tool I recommended to everyone interested in that type of tools; as a matter of fact, I also got many other suggestions for alternatives. More on visualization



2. "CME-24 aka Nyxem, and who's infected?" a small update on the Nyxem threat, if any, during February

3. "What search engines know, or may find out about us?" a commentary on a CNET Q&A with leading search engines on how they deal with subpoenas and users' privacy; further resources and opinions on the topic are provided as well. Anything that can be linked will be, one way or another.



4. "The current state of IP spoofing" introducing the ANA Spoofer Project, commentary on the current state according to their sample, and mentions of many other distributed concepts, again related to security



5. "Hacktivism tensions" a brief coverage of the mass defacements of Danish sites over the distribution of the Muhammad cartoons across Europe and, of course, across the Net. I also mentioned a previous, rather more severe case of Nation2Nation cyberwarfare PSYOPS attacks



6. "Security Awareness Posters" a small list with links to free security awareness posters worth using, or just enjoying for their witty messages



7. "A top level espionage case in Greece" With the strong possibility of an insider's job, the eavesdropping on major government officials and citizens was indeed the second case that made an impression on me, next to the stone transmitter found in a Moscow park



8. "The War against botnets and DDoS attacks" A post covering the introduction of McAfee's bot-killing system, the ZombieAlert Service, some comments, and lots of external resources on fighting and protecting against botnets and DDoS attacks



9. "Who needs nuclear weapons anymore?" An in-depth article I wrote after coming across a news article on a recent EMP warhead test, with the idea of raising awareness of the potential of EMP weapons, some of the current trends, and the emerging weaponization of space. A reader also mentioned a MiG-25 found on Google Maps



10. "Recent Malware developments" a post summarizing various events right in the middle of February, discussing some of the emerging trends to keep an eye on, and a commentary on Kaspersky's summary for 2005, worth checking out as well



11. "Look who's gonna cash for evaluating the maliciousness of the Web?" Crawling for malware and evaluating the maliciousness of the Web with automated patrols for sites distributing it is a very hot and feasible topic; you can learn more about it by reading this post



12. "Detecting intruders and where to look for" comments and external resources related to rootkits and forensics



13. "A timeframe on the purchased/sold WMF vulnerability" as requested by readers



14. "The end of passwords - for sure, but when?" As my first blog post was related to password security and why bother given their major insecurities, in this post I commented on Bill Gates's remarks. I think they don't know what they are really up to at the bottom line



15. "Smoking emails" Would you pay millions to avoid paying billions and keep a clean image? Of course you would!



16. "DVD of the weekend - The Lone Gunmen" the first post related to DVDs worth watching over the weekend



17. "How to win 10,000 bucks until the end of March?" Find a critical vulnerability, as defined by Microsoft's security bulletins, participate in the market for software vulnerabilities - the future 0bay - and sell it to iDefense for 10,000 bucks; but what about the social outcome of the process, if any?



18. "Chinese Internet Censorship efforts and the outbreak" recent events related to the Chinese efforts to monitor and censor the web, and the West's reactions. I did quite a lot of quality posts on the topic during January and February, mainly because I feel that the higher the publicity for the problem, the higher the pressure towards starting talks on the future of these efforts



19. "Master of the Infected Puppets" comments on botnet communication prompted by a nice piece of research I came across



20. "Give it back!" Mixed signals from the CIA, DIA and the DoJ on secrecy



21. "One bite only, at least so far!" a brief coverage of the OS X trojan and the InqTana worm



22. "DVD of the Weekend - The Outer Limits - Sex And Science Fiction Collection" weekend two, second DVD



23. "Get the chance to crack unbroken Nazi Enigma ciphers" another distributed concept, this time cracking unbroken Nazi messages




DVD of the (past) weekend

Hi folks, as I've been down for a couple of days, I'm now actively updating my blog, so watch out for some quality posts later on, and apologies for the downtime. Thanks for the interest and for all the questions received!





So, after "The Lone Gunmen" and "The Outer Limits - Sex And Science Fiction Collection", it was about time we went beyond cyberspace with the second part of "The Lawnmower Man", a classic techno thriller with a lot of VR, cyberpunks, and futuristic scenarios.





Favourite quote from part one, which is also worth watching as a matter of fact: "I find a way out, or I die in this diseased mainframe". I'm so excited about seeing Ray Kurzweil's views of the future in a DVD box. I am especially interested in cyberware and the biological adaptation to technologies. As a matter of fact, there have already been reported cases of people with implanted RFID chips, and while they wish they had Johnny Mnemonic's view of the Internet, that must be some kind of a joke. Picture yourself scanned and monitored wherever you go, while walking around with a false sense of security. RFID is a lot of buzz; I feel the potential for information sharing and resource cutting is outstanding, still, the level of security, or the lack of understanding of the privacy implications, is the biggest downside so far.



Would we someday build an AI that would crawl the Universe forever, colonizing it while obeying the morals we taught "it"? I find this such a great idea :)





Some resources on Cyberware and Cyberpunks:

The Cyberpunk Project
Cyberpunk
"Cyberpunks in Cyberspace"
Cyberanarchists, Neuromantics and Virtual Morality
Cyberpunks and their online activities
Cyberpunk - Ebook

Cyberware Technology
Realistic and Affordable Cyberware Opponents for the Information Warfare BattleSpace
Cyberware Implants






Monday, February 27, 2006

Get the chance to crack unbroken Nazi Enigma ciphers

Nice initiative I just came across. From the "M4 Message Breaking Project":



The M4 Project is an effort to break 3 original Enigma messages with the help of distributed computing. The signals were intercepted in the North Atlantic in 1942 and are believed to be unbroken. Ralph Erskine has presented the intercepts in a letter to the journal Cryptologia. The signals were presumably enciphered with the four rotor Enigma M4 - hence the name of the project.


This project has officially started as of January 9th, 2006. You can help out by donating idle time of your computer to the project. If you want to participate, please follow the client install instructions for your operating system:

Unix Client Install
Win98 Client Install
Win2000 Client Install
WinXP Home Client Install
WinXP Pro Client Install



The first message is already broken, as a matter of fact, and looks like this:



Ciphertext:

nczwvusxpnyminhzxmqxsfwxwlkjahshnmcoccakuqpmkcsmhkseinjus
blkiosxckubhmllxcsjusrrdvkohulxwccbgvliyxeoahxrhkkfvdrewezlx
obafgyujqukgrtvukameurbveksuhhvoyhabcjwmaklfklmyfvnrizr
vvrtkofdanjmolbgffleoprgtflvrhowopbekvwmuqfmpwparmfha
gkxiibg



Deciphered and in plain text:

From Looks: Radio signal 1132/19 contents: Forced to submerge during attack, depth charges. Last enemy location 08:30h, Marqu AJ 9863, 220 degrees, 8 nautical miles, (I am) following (the enemy). (Barometer) falls (by) 14 Millibar, NNO 4, visibility 10.



You no longer need the NSA to assist here; still, they sure have contributed a lot while "Eavesdropping on Hell", didn't they?
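To show what the M4 Project's clients are actually searching through, here is a compact four-rotor Enigma M4 simulator, an added example and not the project's client code. The rotor and reflector wirings are the published historical ones; the key settings used to exercise it are constructed for illustration and are not the key of the message quoted above.

```python
from string import ascii_uppercase as A

# Historical wirings (output letter for each input A..Z) and turnover notch letter(s).
ROTORS = {
    "I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
    "IV": ("ESOVPZJAYQUIRHXLNFTGKDCMWB", "J"),
    "V": ("VZBRGITYUPSDNHLXAWMJQOFECK", "Z"),
    "VI": ("JPGVOUMFYQBENHZRDKASXLICTW", "ZM"),
    "VII": ("NZJHGRCXMYSWBOUFAIVLPEKQDT", "ZM"),
    "VIII": ("FKQHTLXOCBJSPDZRAMEWNIUYGV", "ZM"),
    "Beta": ("LEYJVCNIXWPBQMDRTAKZGFUHOS", ""),  # thin 4th rotors: no notch, never step
    "Gamma": ("FSOKANUERHMBTIYCWLQPZXVGJD", ""),
}
# Thin reflectors paired with the 4th rotor; both are fixed-point-free involutions.
REFLECTORS = {"B": "ENKQAUYWJICOPBLMDXZVFTHRGS", "C": "RDOBJNTKVEHMLFCWZAXGYIPSUQ"}

def step(pos, notches):
    """Advance positions [thin, left, middle, right] for one keypress, with double-stepping."""
    pos = list(pos)
    if A[pos[2]] in notches[2]:       # middle rotor on its notch: it and the left rotor turn
        pos[1], pos[2] = (pos[1] + 1) % 26, (pos[2] + 1) % 26
    elif A[pos[3]] in notches[3]:     # right rotor on its notch: carry into the middle rotor
        pos[2] = (pos[2] + 1) % 26
    pos[3] = (pos[3] + 1) % 26        # the right rotor turns on every keypress
    return pos

def m4(text, reflector, rotors, rings, start, plugboard=""):
    """Encipher or decipher `text` (the machine is reciprocal) with one M4 key: rotor names
    ordered (thin, left, middle, right), 4-letter rings/start, plug pairs like "AB CD"."""
    wires, notches = zip(*(ROTORS[r] for r in rotors))
    pos = [A.index(c) for c in start.upper()]
    ring = [A.index(c) for c in rings.upper()]
    plug = {}
    for a, b in plugboard.upper().split():
        plug[a], plug[b] = b, a
    out = []
    for ch in (x for x in text.upper() if x in A):   # non-letters are dropped
        pos = step(pos, notches)      # rotors move before the circuit closes
        c = A.index(plug.get(ch, ch))
        for i in (3, 2, 1, 0):        # right to left through the rotors
            off = (pos[i] - ring[i]) % 26
            c = (A.index(wires[i][(c + off) % 26]) - off) % 26
        c = A.index(REFLECTORS[reflector][c])
        for i in (0, 1, 2, 3):        # back through the same rotors, inverse wiring
            off = (pos[i] - ring[i]) % 26
            c = (wires[i].index(A[(c + off) % 26]) - off) % 26
        out.append(plug.get(A[c], A[c]))
    return "".join(out)
```

With thin rotor Beta and reflector B both at position A the M4 behaves like an Enigma I with reflector B, so `m4("AAAAA", "B", ("Beta", "I", "II", "III"), "AAAA", "AAAA")` returns the classic test vector `BDZGO`; the search the project distributes amounts to trying this function across the space of rotor choices, ring settings, start positions and plugboard pairs.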



Distributed computing is a powerful way to solve complex tasks, or at least to put the PC power of the masses to use. It's no longer required to hire processing power on demand from any of these jewels; just download a client and start participating, or find a way to motivate your future participants. In my previous post "The current state of IP spoofing" I commented on the ANA Spoofer Project and featured a great deal of other distributed projects. Meanwhile, the Stardust@home project has also started gaining ground, so whether it's ETs, space dust, global IP spoofing susceptibility, or unbroken Nazi ciphers - you have the choice of where to participate!




Saturday, February 25, 2006

DVD of the Weekend - The Outer Limits - Sex And Science Fiction Collection

"A sextet of sci-fi tales opens with Alyssa Milano as a woman whose "close encounter" leaves her with an insatiable lust in "Caught in the Act"; the sole survivor of a nuclear holocaust gets some computer-generated companionship in "Bits of Love," with Natasha Henstridge; Sofia Shinas is "Valerie 13," a robot whose emotions become all-too-human; a man who's lived his life onboard a mysterious spaceship meets his female counterpart in "The Human Operators," with Jack Noseworthy and Polly Shannon; a nerd becomes a ladies man via a high-tech "image enhancer" in "Skin Deep," with Antonio Sabato, Jr. and Adam Goldberg; and an alien plant becomes a deadly and seductive "Flower Child," with Jud Taylor."



Get it, find out more, and listen to the wisdom from previous episodes.

Friday, February 24, 2006

One bite only, at least so far!

Apple's OS X has always been positioned as a juicy target, even though its market share is almost non-existent compared to Microsoft's domination. And while converting iPod customers into Mac users hasn't shown any progress so far, and I doubt it will, malware authors are, as always, actively experimenting and diversifying the threatscape. One question remains unclear: why would someone want to own a Mac, compared to owning the hundreds of thousands of Windows PCs out there? To me, it's not about achieving the scale necessary for a botnet; rather, it's about experimenting, showing that it's possible through POC releases, or basically starting to attack Mac users, who are living in a safe haven, for now.



Recently, an OS X trojan appeared, and a second one followed (nice attitude from Apple on embracing the inevitable!), and besides "worming" a vulnerability and experimenting with propagation methods, I don't really think it's the big trend everyone is waiting for: a standard POC (Cabir), whose core function would empower a generation of variants for years to come.



I just came across this from Trifinite's blog:



"Trifinite.group member Kevin has published a paper detailing the techniques he used in the development of the InqTana Bluetooth worm that targets vulnerable Mac OS X systems. There has been significant confusion surrounding this worm, so here are some salient points:



- The concurrent release of the OS X Leap.A and InqTana.A worms is coincidental


- There is no conspiracy, AV vendors and Apple were notified about Kevin's progress in developing this worm in advance of making details publicly available


- Both 10.3 and 10.4 systems are vulnerable until patched with APPLE-SA-2005-05-03 and APPLE-SA-2005-06-08


- InqTana prompts before infecting *by design*, Kevin was just trying to be nice, but the worm could easily spread silently



Kevin's paper is available at http://www.digitalmunition.com/InqTanaThroughTheEyes.txt. Comments can be directed to the BlueTraq mailing list. Our sympathies to those organizations who were affected by the false-positive signatures published by overzealous AV companies."



It clarifies a lot, I think, mostly that, while architecture and OS popularity have a lot to do with security and incentives for attacks, "InqTana.A itself has absolutely nothing to do with Leap.A. My work was done completely independent of the author of Leap. The day after I sent out queries to the AV companies about my code I was shocked to see another OSX worm had already been in the news. While my worm sat in the mail spools of several AV companies they were busy writing about the "First Trojan/Worm for OSX"."



Leakage of IP, or am I being paranoid here? Wired also has some nice comments.


