| |
| Current Topic: Computer Security |
|
Hackers cut off SCO Web site | CNET News.com |
|
|
|---|
| Topic: Computer Security |
12:22 am EDT, Aug 26, 2003 |
] This weekend, a denial-of-service attack took down the
] Web site of The SCO Group, which is caught in an
] increasingly acrimonious row with the open-source
] community over the company's legal campaign against
] Linux. Most under reported story of the day... Hackers cut off SCO Web site | CNET News.com |
|
RE: New Phase of Sobig.F Set for 3 p.m. EST Friday 8/22/2003 |
|
|
|---|
| Topic: Computer Security |
3:11 am EDT, Aug 24, 2003 |
Elonka wrote:
] More info about the fastest-spreading worm of all time, which
] enters a new phase today, trying to download unknown code to
] 20 specific home computers: Turns out they may have failed here. From a post on Interesting People: "All the experts were totally faked out. While everyone was concentrating
on getting the "magic 20" machines shut down, no one realized that
different copies of Sobig.f had different lists of servers to contact. We put a block of udp port 8998 on our firewall this morning. We had 3
previously undetected infected machines on our network, each of which
tried to contact a different list of 20 machines. One of the lists
corresponds to the one that Sophos and others have published. The other
two lists have no addresses in common with the published list, or with
each other. I wonder how many different sets of servers there were, how many
different variants of Sobig.f there were, and how many infected machines
now have some additional trojan, worm, or ddos code waiting for a
command to do something." RE: New Phase of Sobig.F Set for 3 p.m. EST Friday 8/22/2003 |
|
Analysis of an Electronic Voting System |
|
|
|---|
| Topic: Computer Security |
1:34 pm EDT, Aug 23, 2003 |
] Recent election problems have sparked great interest in
] managing the election process through the use of
] electronic voting systems. While computer scientists, for
] the most part, have been warning of the perils of such
] action, vendors have forged ahead with their products,
] claiming increased security and reliability. Many
] municipalities have adopted electronic systems, and the
] number of deployed systems is rising. For these new
] computerized voting systems, neither source code nor the
] results of any third-party certification analyses have
] been available for the general population to study,
] because vendors claim that secrecy is a necessary
] requirement to keep their systems secure. Recently,
] however, the source code purporting to be the software
] for a voting system from a major manufacturer appeared on
] the Internet. This manufacturer's systems were used in
] Georgia's state-wide elections in 2002, and the company
] just announced that the state of Maryland awarded them an
] order valued at up to $55.6 million to deliver touch
] screen voting systems. The press claims this paper is discredited because Avi Rubin was involved with an electronic voting company. Read it for yourself and see what you think. Analysis of an Electronic Voting System |
|
Internet quiet as Sobig attack deadline passes - Computerworld |
|
|
|---|
| Topic: Computer Security |
4:46 pm EDT, Aug 22, 2003 |
] Internet Security Systems Inc. reported that one of the
] 20 was still online at 3:00 p.m. Eastern time but no new
] instructions had been placed on the machine by the virus
] writer, according to Dan Ingevaldson, engineering manager
] at ISS.
]
] The last Sobig server stopped responding shortly after
] 3:00 p.m., he said.
]
] With few or none of the 20 servers accessible, Sobig
] machines were unable to download any instructions,
] experts agreed. They got 'em... BTW, I can think of at least 50 ways to do this better. Internet quiet as Sobig attack deadline passes - Computerworld |
|
New Phase of Sobig.F Set for 3 p.m. EST Friday 8/22/2003 |
|
|
|---|
| Topic: Computer Security |
4:38 pm EDT, Aug 22, 2003 |
] More info about the fastest-spreading worm of all time, which
] enters a new phase today, trying to download unknown code to 20
] specific home computers: ] The worm infected close to one million computers via
] e-mail attachments in e-mails with spoofed addresses
. . .
] Now, those infected
] computers are programmed to start to connect to machines
] found on an encrypted list hidden in the virus body.
] F-Secure said the list contains the address of 20
] computers located in United States, Canada and South
] Korea and is expected to start at 3:00 EST Friday. I can't beleive they are unable to locate and turn off the servers! There are only 20. Also, if the "web address" in question is under the control of the attackers, then it was paid for by the attackers, and this is a very easy place to start a criminal investigation (possibly the web address was bought using a fake or stolen identity). However, claiming that this "must be the work of organized crime" is silly. Technical sophistication and criminal sophistication are not always directly proportional. New Phase of Sobig.F Set for 3 p.m. EST Friday 8/22/2003 |
|
Train in Washington shutdown by worm |
|
|
|---|
| Topic: Computer Security |
11:40 am EDT, Aug 21, 2003 |
] CSX Transportation's (CSXT) information technology
] systems experienced significant slowdowns early today
] after a computer virus infected the network. The cause
] was believed to be a worm virus similar to those that
] have infected the systems of other major companies and
] agencies in recent days.
]
]
] The infection resulted in a slowdown of major
] applications, including dispatching and signal systems.
] As a result, passenger and freight train traffic was
] halted immediately, including the morning commuter train
] service in the metropolitan Washington, D.C., area. Train in Washington shutdown by worm |
|
The Register | Slammer worm crashed Ohio nuke plant net |
|
|
|---|
| Topic: Computer Security |
11:20 am EDT, Aug 21, 2003 |
] The Slammer worm penetrated a private computer network at
] Ohio's Davis-Besse nuclear power plant in January and
] disabled a safety monitoring system for nearly five
] hours, despite a belief by plant personnel that the
] network was protected by a firewall, SecurityFocus has
] learned. The Register | Slammer worm crashed Ohio nuke plant net |
|
World squirms as Sobig returns | CNET News.com |
|
|
|---|
| Topic: Computer Security |
5:15 pm EDT, Aug 19, 2003 |
] "Initial analysis would suggest that Sobig.F is a
] mass-e-mailing virus that is spreading very vigorously.
] Sobig.F appears to be polymorphic in nature. The address
] is also spoofed and may not indicate the true identity of
] the sender," a MessageLabs statement said. I've been getting bounce messages today from gateway anti-virus systems claiming I sent them this virus. I haven't. I use MacOS. I've you've been getting similar messages, this is the reason. World squirms as Sobig returns | CNET News.com |
|
'Good' Worm Fixes Infected Computers (TechNews.com) |
|
|
|---|
| Topic: Computer Security |
6:05 pm EDT, Aug 18, 2003 |
] A new Internet worm emerged today that is designed to
] seek out and fix any computer that remains vulnerable to
] "Blaster," the worm that attacked more than 500,000
] computers worldwide last week. 'Good' Worm Fixes Infected Computers (TechNews.com) |
|
A nice hack: short, and smart... |
|
|
|---|
| Topic: Computer Security |
9:51 am EDT, Aug 18, 2003 |
] By emptying the /dev/random, and then timing the moments
] when data becomes available, we can precisely determine, at
] what intervals those events occur. While we can't determine
] what data is being added to the entropy pool, we can rather
] easily tell a situation when a keystroke data is added
] due to a specific pattern triggered by it. A nice hack: short, and smart... |
|
