Terrorism and Encryption

Jihadist themed encryption tool -- using "infidel" algorithms :

"The program`s `portability` as an application (not requiring installation on a personal computer) will become an increasingly desirable feature, especially considering the high use of Internet cafe worldwide by pro-terrorist Islamic extremists,' said iDefense Middle East analyst Andretta Summerville. 'Mujahedin Secrets,' which can be downloaded for free, offers 'the five best encryption algorithms, with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression,' according to a translation of a Global Islamic Media Front`s announcement about the software on Jan. 1, provided by Middle East Media Research Institute."

I've previously covered in-depth the topic of steganography and terrorism, and provided an example while assessing the threat -- and hype -- level of the Technical Mujahid. Terrorists have this problem with the infidels, pretty much everything they use starting from the Internet and their cellphone, even software running on a computer is "Made in InfidelLand". So I presume someone's not really comfortable with even encrypting their data with a U.S made PGP software, so re-branding and adding a Jihadist theme seems to be the solution at least when PSYOPS count. More info on the topic.

The Electronic Frontier Foundation in Europe

Couldn't get any better :

"The Electronic Frontier Foundation (EFF) opened a new office in Brussels today to work with various institutions of the European Union (EU) on innovation and digital rights, acting as a watchdog for the public interest in intellectual property and civil liberties policy initiatives that impact the European digital environment. The new EFF Europe office, made possible by the generous support of the Open Society Institute and Mr. Mark Shuttleworth of the Shuttleworth Foundation, will allow EFF to have an increased focus on the development of EU law. EFF also plans to expand its efforts in European digital activism and looks forward to working with many groups and organizations to fight effectively for consumers' and technologists' interests."

Finally EDRI got some serious back-up on the frontlines.

RFID Tracking Miniaturization

First it was RFID tracking ink, now with the introduction of the new generation Hitachi mu-chips, miniaturization proves for yet another time it has huge privacy implications :

"On February 13, Hitachi unveiled a tiny, new “powder” type RFID chip measuring 0.05 x 0.05 mm — the smallest yet — which they aim to begin marketing in 2 to 3 years. By relying on semiconductor miniaturization technology and using electron beams to write data on the chip substrates, Hitachi was able to create RFID chips 64 times smaller than their currently available 0.4 x 0.4 mm mu-chips. Like mu-chips, which have been used as an anti-counterfeit measure in admission tickets, the new chips have a 128-bit ROM for storing a unique 38-digit ID number."

I will spare you the acronym as I'm sure you know which intelligence agency is sitting on the world's largest budget, but just a wake up call that all technologies that are just getting commercialized or a first mention in the mainstream media have already been developed, even abondoned for more advanced alternatives by this agency years ago -- despite the fact that Hitachi is a Japanese company it's an U.S agency I'm talking about. OSI are definitely remembering the old school days now. Picture courtesy of Hitachi comparing the chip's size next to a grain of rice.

UPDATE: Slashdot picked up the story.

Censorship in China - An Open Letter

An open letter to Google's Founders regarding the censorship of search results in China :

"During the National Day holiday week in 2002, when Google.com was blocked in China for the first time, Chinese Google users made an online protest spontaneously. They appealed to free the purer search engine wave by wave. Its seemed its also the first time grassroots power was demonstrated in China on Internet. You can imagine how eager they are to have a complete Internet instead of a shrunken one. At last, people won, Google backed. However, after 4 years, we started to question whether we should continue to support Google. Many users here were disappointed when they found Google.cn filtered many keywords. The compromise remarks by you in Davos made us more frustrated. Seems you are adopting self-censorship which hurts those loyal users a lot which also devalue your motto of "non-evil"."

Issues to keep in mind:
- Yahoo and Microsoft are doing it too in order to continue their business operations in China
- Google is alerting the searcher that the results are filtered because the ghost of Mao is alive and kicking and said so
- Google's losing market share in China's search market next to Sina.com due to censorship concerns, while local users are forgetting that Sina.com too is censoring the results, even worse, not even crawling as deep as Google is in respect to the quality of search results
- U.S Congressman Chris Smith has the issue on his agenda
- Technology companies are seeking government assistance on how to stop the ongoing censorship themselves
- The complete list of censored search results is worth going through
- Google's and Yahoo's shareholders are fighting back
- The Great Firewall is cracking from within with banned journalists now running the largest blogging network in China

She Loves Me, She Loves Me Not

I'm in love, with myself at the first place, and while Saint Valentine's meant to reboot a relationship so to speak, every day should be a Saint Valentine's day in a relationship. Do you trip on love? Malware authors always do around the 14th of February.

Quote of the day - No promises, no demands, love is a battlefield -- or drug like addiction? Via Tech_Space.

Emerging DDoS Attack Trends

In a previous post I emphasized on the long-term trend of how DoS attacks have the potential to cause as much damage as a full-scale DDoS attack, and increase their chance of not getting detected while require less resources. Looks like Prolexic Technologies are thinking in the same direction and warning that :

"IT security bosses will have to be increasingly vigilant in 2007 as criminals exploit new ways of ensuring distributed denial of service (DDOS) attacks cause the maximum damage and circumvent filtering technology, according to DDOS protection specialist Prolexic.While there will continue to be large-scale consumption-based attacks this year, attackers have learned that smaller, customised attacks tailored to web servers' application logic can have similar effects but require smaller botnets to generate, according to Prolexic president Keith Laslop."The requests will bring your CPU usage up to 100 percent by doing things like registering as a new customer" he said. "There is a slow frequency of requests so it will not trigger third-party [detection] technology, and intrusion-detection systems are not designed to notice these attacks."

Attacks like these while not conducted by malicious parties, are already happening at Britain's Prime Minister web site, though these should have been anticipated earlier.

As always, assessing risk as if you are a part of a red team provides the best security for your network. Think malicious attackers. If they're able to fingerprint the software running on your boxes and get under the skin of your web applications, a surgical and specifically crafted DoS attack would not only require less resources compared to a DDoS one, but would also make it a little bit harded for incident forensic investigator to react in a timely manner. So while you're preparing for a constant Gbytes stream, attackers will shift tactics.

Here's more info on the recent -- totally futile -- attempt to attack the root domain servers.