Current Topic: Computer Security

Boing Boing: Citibank under fraud attack, customers locked out of accounts

Topic: Computer Security
1:09 am EST, Mar 7, 2006
She informed me that there had been no direct fraudulent transactions on my account. Rather, she informed me that the ATM networks of Canada, Russia and the United Kingdom have been compromised. I used the term class break as a question and she repeated that there has been a class break of the ATM networks in those countries. The ATM network in Canada has been compromised and as a result, using my ATM card over the Canadian network locked my account automatically. She informed me that this has been an ongoing issue for the last two weeks. When I asked why there was no media attention, she said she wasn't sure. I said it was a pretty big deal and she agreed.
Rumors/stories of a major security breach at Citibank are going around. People are having their cards shut off all over the place.

Leveraging automated attack response

Topic: Computer Security
8:38 pm EST, Mar 6, 2006
Turns out that if someone types "startkeylogger" or "stopkeylogger" in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning.
hehehe.... The problem with a lot of automated tools that try to respond to attacks is that an attack can trigger them intentionally. Dropping in a firewall rule to block anyone who port scans you? Why don't I spoof a port scan from your favorite website? Even worse is the idea of automatically retaliating. Retaliating security software is Texan for distributed denial of service zombie.
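The failure mode the post describes, as an added illustration that is not from the post, the Norton product or any real firewall: a naive auto-blocker acts on bare SYNs, whose source address anyone can forge, so a spoofed scan gets a critical peer blocked; the hardened version acts only on completed handshakes, exempts a hypothetical allowlist of peers we cannot afford to lose, and lets blocks expire. All addresses and events below are constructed.

```python
from collections import defaultdict

# Constructed event stream: (time, src_ip, kind, dst_port). A bare "syn" carries
# a source address anyone can forge; "established" means the TCP handshake
# completed, so the peer really answers at that address.
EVENTS = [
    (0, "203.0.113.9", "syn", 22), (0, "203.0.113.9", "syn", 23),
    (1, "203.0.113.9", "syn", 25), (1, "203.0.113.9", "syn", 80),
    (2, "203.0.113.9", "syn", 443),            # spoofed scan "from" a peer we rely on
    (3, "198.51.100.7", "established", 22), (3, "198.51.100.7", "established", 23),
    (4, "198.51.100.7", "established", 25), (4, "198.51.100.7", "established", 80),
    (5, "198.51.100.7", "established", 443),   # real scanner: handshakes completed
]
NEVER_BLOCK = {"203.0.113.9"}   # hypothetical allowlist: gateway, resolver, partner site

class NaiveBlocker:
    """Permanently blocks any source seen on >= threshold distinct ports, SYN or not."""
    def __init__(self, threshold=5):
        self.threshold, self.ports, self.blocked = threshold, defaultdict(set), set()

    def observe(self, t, src, kind, port):
        self.ports[src].add(port)
        if len(self.ports[src]) >= self.threshold:
            self.blocked.add(src)

    def is_blocked(self, src, now):
        return src in self.blocked

class HardenedBlocker:
    """Counts only completed handshakes, exempts critical peers, expires blocks."""
    def __init__(self, threshold=5, ttl=60, never_block=frozenset(NEVER_BLOCK)):
        self.threshold, self.ttl, self.never_block = threshold, ttl, never_block
        self.ports, self.blocked = defaultdict(set), {}   # blocked: src -> expiry time

    def observe(self, t, src, kind, port):
        if kind != "established" or src in self.never_block:
            return              # act only on unforgeable evidence; never cut off our own lifelines
        self.ports[src].add(port)
        if len(self.ports[src]) >= self.threshold:
            self.blocked[src] = t + self.ttl

    def is_blocked(self, src, now):
        expiry = self.blocked.get(src)
        return expiry is not None and now < expiry

def run(blocker, events=EVENTS):
    for event in events:
        blocker.observe(*event)
    return blocker
```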

Nmap Development: NSA tracking open source security tools

Topic: Computer Security
12:48 pm EST, Feb 6, 2006
The latest (February 6) issue of Newsweek has a picture on page 39 of George Bush visiting the NSA headquarters in Fort Meade. A wall-sized screen in the background displays the latest versions of our favorite open source security tools, including Nmap, Metasploit, Snort, Ethereal, Cain & Abel, and Kismet. Nifty.
Fyodor's nmap scanner makes another cameo appearance; this time it's not with Trinity in the Matrix, but with George Bush in a press conference at the NSA.

DHS to run cybersecurity exercise

Topic: Computer Security
10:59 am EST, Feb 6, 2006
The Homeland Security Department is scheduled to test federal and private-sector readiness for cyberattacks next week, an industry executive said. The national exercise, named Cyber Storm, will take place Feb. 6-10, said Scott Algeier, executive director of the Information Technology Information Sharing and Analysis Center (IT-ISAC).

Financial Cryptography: VeriSign's conflict of interest creates new threat

Topic: Computer Security
7:45 am EST, Jan 25, 2006
Here's where the reality meter goes into overdrive. VeriSign is also the company that sells about half of the net's SSL certificates for "secure ecommerce [4]." These SSL certificates are what presumptively protect connections between consumers and merchants. It is claimed that a certificate that is signed by a certificate authority (CA) can protect against the man-in-the-middle (MITM) attack and also domain name spoofing. A further irony is that VeriSign also runs the domain name system for the .com and the .net domains. So, indeed, they do have a hand in the business of domain name spoofing. The point here is that, on the one hand, VeriSign is offering protection from snooping, and on the other hand, is offering to facilitate the process of snooping.
It's not just SSL certs and the .net/.com domains VeriSign is being trusted with anymore. The ability to tap mobile phone calls is on the slate now too. VeriSign is a wolf in wolf's clothing. I can't think of any reason to trust them, and they are positioned in a way where there is no choice or recourse other than to deal with them. They are a perfect example of a(n even more) major problem waiting to happen.

Wired News: Covert Crawler Descends on Web

Topic: Computer Security
9:55 pm EST, Jan 16, 2006
Billy Hoffman, an engineer at Atlanta company SPI Dynamics, unveiled a new, smarter web-crawling application that behaves like a person using a browser, rather than a computer program. "Basically this nullifies any traditional form of forensics," says Hoffman. Tim Ball, director of systems and development for the U.S. Senate's Democratic Policy Committee, knows what it's like to be under constant spider attack. The Senate website relies extensively on server logs for forensics, but Ball is no longer confident that approach will be helpful in the long run. Ball says the research will make it easier for attackers to automatically and discreetly spot flaws on websites they previously had to root out by hand. "What Billy's done is massively simplified the process and made it faster," says Ball. Hoffman hopes the street will find its own positive uses for his work as well. "One of the really cool things I have had to do was to score how interesting a link would be," he says. His technique is similar to applications like Google's page scoring system, but is publicly available in open-source Java code anyone can use.
Much fun was had and much work was done by the entire crew in DC this week. In regard to hackers like Billy Hoffman and Mike Lynn, it must be understood that while their work may appear on its face to only help evil doers, it couldn't possibly be farther from the truth.

Hacker attacks in US linked to Chinese military

Topic: Computer Security
4:09 am EST, Dec 13, 2005
A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute said. The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity. "These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization," Paller said in a conference call to announce a new cybersecurity education program. "We know about major penetrations of defense contractors," he said. "We have a problem that our computer networks have been terribly and deeply penetrated throughout the United States ... and we've been keeping it secret," he said. In the United States, he said there are some areas of improvement such as the case of the Air Force, which has been insisting on better security from its IT vendors. But he argued that "the fundamental error is that America's security strategy relies on writing reports rather than hardening systems."

Wired | ISS Allegedly Hiding Cisco Bugs

Topic: Computer Security
2:39 am EST, Dec 7, 2005
The computer security researcher who revealed a serious vulnerability in the operating system for Cisco Systems routers this year says he discovered 15 additional flaws in the software that have gone unreported until now, one of which is more serious than the bug he made public last summer. Mike Lynn, a former security researcher with Internet Security Systems, or ISS, said three of the flaws can give an attacker remote control of Cisco's routing and gateway hardware, essentially allowing an intruder to run malicious code on the hardware. The most serious of the three would affect nearly every configuration of a Cisco router, he said. "That's the one that really scares me," Lynn said, noting that the bug he revealed in July only affected routers configured in certain ways or with certain features. The new one, he said, "is in a piece of code that is so critical to the system that just about every configuration will have it. It's more part of the core code and less of a feature set," Lynn said. Lynn, who now works for Cisco competitor Juniper Networks, told Wired News that ISS has known about additional flaws in the Cisco software for months but hasn't told Cisco about them. This is serious, Lynn said, because attackers may already be developing exploits for the vulnerabilities. Cisco's source code was reportedly stolen in 2004 and, while doing research on the IOS software, Lynn found information on a Chinese-language website that indicated to him that Chinese attackers were aware of the security flaws in IOS and could be exploiting them. "Essentially there are more bugs, and they've gagged me from telling anyone the details of what they are," Lynn said. "It's pretty meticulous. There's lots of notes because it's very complicated stuff," Lynn said. "I gave the most details for the ones that are the most critical -- those are all spelled out." 
With regard to Allor's statement suggesting that any flaws ISS found are theoretical, Lynn said, "We're not dealing with an iffy thing when I actually have the code that I'm disassembling." "At the very least," he said, "even if ISS only suspected there were flaws, you'd think they'd want to talk to Cisco about it even if they think maybe it's not true. If I'm totally wrong, great, but I have a pretty good track record on this, and you'd think they'd want to be talking to Cisco to be sure."
This story is far from over. I continue to keep my fingers crossed that we don't see a router worm hit the net.

Blue Boxing Wiretapping Systems

Topic: Computer Security
1:02 pm EST, Nov 30, 2005
In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both "pen register" and "full audio" (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. In the most serious countermeasures we discovered, a wiretap subject superimposes a continuous low-amplitude "C-tone" audio signal over normal call audio on the monitored line. The tone is misinterpreted by the wiretap system as an "on-hook" signal, which mutes monitored call audio and suspends audio recording. Most loop extender systems, as well as at least some CALEA systems, appear to be vulnerable to this countermeasure.
John Markoff has a story on this today. Ha... They were using old school DTMF techniques to detect call status! That's a bizarre approach. You'd think they'd have some device that spoke SS7 and the network would simply send the digital call traffic to them. U: I just read the paper. Apparently there IS no good reason they are using inband signals. It's a good paper. Read it. Of course, this kind of vulnerability isn't what I'm really interested in with respect to CALEA equipment. The big question is how does Law Enforcement get access to the CALEA system and is the security/authentication of that access method sufficient to prevent other parties from using the system. I've heard unsubstantiated whisperings that it isn't... U: The paper seems to allude to this suspicion as well...

JS/UIX - Unix implemented in Javascript

Topic: Computer Security
6:24 pm EST, Nov 20, 2005
JS/UIX is a UN*X-like OS for standard web-browsers, written entirely in JavaScript (no plug-ins used). It comprises a virtual machine, shell, virtual file-system, process-management, and brings its own terminal with screen- and keyboard-mapping.
File under "stupid web tricks". This is neat, but I can't think of a single useful application. A more advanced security model for Javascript in web browsers is necessary. I have no idea what this adds to the argument.. Aside from the fact that it's a good example of how you can do much more with Javascript than is widely understood. Acidus has been doing some interesting research in this space. I look forward to the point when he can quit being tight-lipped and share some of the stuff he has come up with. It's the kind of stuff that will send a shockwave through the security and web development community.