Current Topic: Computer Security

It's now public: Abaddon has been hired by Juniper
Topic: Computer Security
4:51 pm EST, Nov 8, 2005
Anyone predicting that Michael Lynn did severe damage to his career might want to retract those statements now that the former ISS researcher and current Cisco nemesis has landed at Juniper Networks. Although it's unclear what Lynn's role is or how long he's been with Cisco's biggest rival, I'm sure that conspiracy theorists will have a field day with this one. Lynn, you'll remember if you weren't on Mars this summer, has become infamous for a Black Hat presentation during which he proved what most savvy network administrators already suspected: Cisco's IOS had a serious flaw that could let hackers not just take down a Cisco switch or router but also hijack networking equipment and execute code.
It's finally public that Mike has joined Juniper. Several outlets are covering it. Wired also has an interview with Jeff Moss about the situation. I guess we should get around to taking down the link for Mike's defense fund...

Daily Kos: Nonpartisan GAO Confirms Security Flaws in Voting Machines
Topic: Computer Security
9:37 pm EST, Nov 1, 2005
1. Some electronic voting systems did not encrypt cast ballots or system audit logs, thus making it possible to alter them without detection.
2. It is easy to alter a file defining how a ballot appears, making it possible for someone to vote for one candidate and actually be recorded as voting for an entirely different candidate.
3. Falsifying election results without leaving any evidence of such an action by using altered memory cards.
4. Access to the voting network was easily compromised because not all digital recording electronic voting systems (DREs) had supervisory functions password-protected, so access to one machine provided access to the whole network.
5. Supervisory access to the voting network was also compromised by repeated use of the same user IDs combined with easily guessed passwords.
6. The locks protecting access to the system were easily picked and keys were simple to copy.
7. One DRE model was shown to have been networked in such a rudimentary fashion that a power failure on one machine would cause the entire network to fail.
8. GAO identified further problems with the security protocols and background screening practices for vendor personnel.

Voting machine security should truly be a non-partisan issue, yet it's only the Democrats I ever see making an issue of it. That's truly disturbing. Will this start to become a wider issue now that the GAO is calling out the problems as well?

Mark's Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far
Topic: Computer Security
9:25 pm EST, Nov 1, 2005
The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files. While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.
Sony has gone very far over the line here. I will happily join in the chorus of people screaming lawsuit. Letting this one go would establish the premise that it's acceptable for the media industry to violate your property in order to protect theirs. That approach can only lead to worse problems.

TinyDisk - An anonymous shared file system on top of TinyURL
Topic: Computer Security
9:15 pm EDT, Oct 27, 2005
TinyDisk is a program for saving and retrieving files from TinyURL and TinyURL-like services such as Nanourl. It overlays a write-once-read-many anonymous, persistent and globally shared filesystem. Once something is uploaded, only the database admin can delete it. Everyone can read it. No one can know who created it. Think of it as a magical CD-R that gets burned and placed on a network.
This is a file system Acidus demoed at Phreaknic that runs on top of the link shortening service TinyURL. It's the perfect case study of how to write meaningful extensions on top of existing web applications, which was the topic of Acidus's presentation. He's already uploaded some fun stuff into TinyURL, like The Adventures of Sherlock Holmes, and even TinyDisk itself. That's right, the program to read and write to TinyURL is stored inside TinyURL! It was also very cool to see other people starting to use it. I was doing some searching around yesterday, and it appears there is some interest in this tool coming from China.

BetaNews | Cross-Site Scripting Worm Hits MySpace
Topic: Computer Security
11:12 pm EDT, Oct 14, 2005
One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.
MySpace has gotten hit with the first XSS worm to target social networking sites. Here is some analysis from Acidus:

Basically the worm was XSS embedded in someone’s profile on MySpace. When someone would view the profile, they would execute the Javascript in their own browser. The payload of the XSS was Ajax which would make GET and POST requests to MySpace, adding the XSS Payload to that user’s profile. This spreads the worm! As with most worms using a new attack vector, this was harmless, adding the message “samy is my hero” to each infected profile along with the XSS payload.

Acidus has also posted the source code of the XSS Payload, and says he plans to post a more detailed analysis later.

Phuture Of Phishing: Presentation and code
Topic: Computer Security
9:37 pm EDT, Sep 23, 2005
The Phuture of Phishing
by: Billy Hoffman

Phishing, or the act of tricking a user into revealing confidential information, is a big business. In this presentation, we first discuss what phishing is and how it works. We examine the current tricks and techniques that phishers use to steal information such as CSS positioning, host obfuscation, and malware. Next we evaluate the pros and cons of current phishing defensives such as blacklisting, country reconciliation, and reputation systems. Then we discuss a coming trend in phishing attacks: using cross-site scripting (XSS) to embed a phishing site inside the victim website. Finally, we discuss how XSS/Phishing attacks circumvent most existing defenses, and we demonstrate a free defensive tool, LineBreaker, which can actively detect and stop these types of attacks.

SPI Dynamics is hosting Acidus's Toorcon presentation and is hosting his free defensive tool. The above summary isn't on the page yet, but you can download the source code/Jar of LineBreaker, and a PDF or Flash version of the presentation from the memed website. Acidus quoted Tom Cross in the presentation when discussing the offensive tool (which cannot be downloaded):

Tom Cross: This technology has no legitimate use.

I assure you that's a compliment. It's in reference to an offensive tool. Industrial Memetics is proud to have Billy around. Kudos to SPI Dynamics for supporting Billy's current research.

The Six Dumbest Ideas in Computer Security
Topic: Computer Security
9:58 pm EDT, Sep 11, 2005
Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying "trying to ignore reality." Frequently those misguided attempts are sincere efforts by well-meaning people or companies who just don't fully understand the situation, but other times it's just a bunch of savvy entrepreneurs with a well-marketed piece of junk they're selling to make a fast buck. In either case, these dumb ideas are the fundamental reason(s) why all that money you spend on information security is going to be wasted, unless you somehow manage to avoid them.
This is a great read for anyone who knows they know nothing about computer security. It's also a good read for people who think they know about computer security. For those who do know about computer security, it's a good laugh.

TIME.com: The Invasion of the Chinese Cyberspies
Topic: Computer Security
10:47 am EDT, Aug 29, 2005
An exclusive look at how the hackers called TITAN RAIN are stealing U.S. secrets
Titan Rain sounds like the name of an anime series. This article tells the story of Shawn Carpenter, a computer security specialist at Sandia Labs, and his clandestine efforts to track the Titan Rain hackers. This shows some shortfalls of our strategy when it comes to tracking network-based espionage.

Turkey, Moroccan residents arrested in computer worm probe
Topic: Computer Security
12:08 am EDT, Aug 27, 2005
An 18-year-old Moroccan national and a 21-year-old resident of Turkey have been arrested for creating and spreading computer worms that disrupted services on computer networks of major U.S. news organizations and other institutions earlier this month, the FBI announced Friday. Farid Essebar, a Moroccan who used the screen name "Diabl0," and Atilla Ekici of Turkey, who used the moniker "Coder," were arrested in their home countries by authorities who cooperated with U.S. investigators in tracking the origins of the Mytob worm; a damaging variant, Zotob; and a third worm, RBot.

It's nice to see the people who write worms caught quickly. It's usually the case that it will happen quickly, or never. It's safe to assume that most of the time involved with this had to do with the international aspect of it, rather than finding a trail pointing to the culprits.

Microsoft Senior Vice President and General Counsel Brad Smith said even if strong anti-hacking statutes aren't in place, Morocco and Turkey have consumer fraud statutes and consumer protection laws that could apply.

It should be noted that Microsoft is (still) part of the problem, but not worth harping on (too much). Everyone should know it by now, Microsoft isn't the victim; the people using their products are. Just think what "anti-hacking statutes" would consist of if it was up to them to decide. Violation of property in the context of worms is very different from making modifications to your x-box, but I'm sure Microsoft would not see it that way. Remember, DRM is going to save you from worms. And if you believe that, I'll tell you another story. Maybe one with elves and magic, or something.. Good thing the FBI is going to take the lead in helping the Moroccans and the Turks with this.

Security experts say there are vast criminal networks with specialists in every aspect of a virus or worm attack. "It's a lot like the movie industry: You have producers, you have the actors and you have the distribution network," said David Maynor of Internet Security Systems. "This network is much the same way. You have people who decide what they want to get done, they pass it to the producers who will actually make it happen, get someone to package it up and make sure it works, then the distributors whose only job is to distribute it to other people."

I'm not even going to touch that one. Just pretend I said something nasty about ISS and the movie industry.

Software Notebook: Live on television, a worm attacks
Topic: Computer Security
12:15 am EDT, Aug 22, 2005
I was poking fun at CNN earlier about their response to the worms..

Wolf Blitzer was in crisis mode, warning computer users to protect themselves. Paula Zahn started her program by reporting on crashing PCs in the CNN newsroom. And Charles Gibson talked about needing to use ABC's old typewriters. The latest Windows worm, Zotob, was notable in part because its victims included some major media organizations. Although a variety of businesses were struck by the worm, it created a particularly challenging situation for the broadcast media, which found itself reporting in real time on a problem that was hitting very close to home. "We are continuing our coverage of tonight's big story: A computer worm that is spreading havoc in systems all over the world," Zahn told viewers at the outset of her Tuesday show, according to a CNN transcript. "Here is exactly what we know right now: Someone has unleashed a worm that cripples computers by forcing them to continuously shut down and restart. It's been a wild scene around our newsroom today because of that." Earlier, on CNN's "Situation Room," Blitzer had called the worm a "potentially huge story."