Current Topic: Computer Security

Comcast to Firewall Port 25

Topic: Computer Security
7:38 pm EDT, Jun 14, 2004

] Comcast, the country's largest provider of high-speed
] Internet access, has begun blocking a channel frequently
] exploited by spammers to send out large volumes of
] e-mail, a move that many technologists say was long
] overdue and should be matched by other service providers.

This is not good news. Blocking all traffic with a destination port of 25 ties all email service to the ISP. That's corporate and hosted email servers also. This will cause problems with people who move between networks often. It also makes it easier to monitor email sending.

It's a bad precedent to allow ISPs to block the ability to use services at the network level. An Internet connection should be a full Internet connection, not one that only allows you to send traffic on certain ports. This is a bad idea in disguise as a good way to stop spam. It's email that needs to change, not the Internet. The Internet should remain stupid, and treat all ports as equal. It should not have rigid rules imposed upon what can flow over it because of a problem with an application.

Taking away users' ability to contact external SMTP servers is a big thing to do for a 20% reduction in spam, which the spammers will adapt to.

Yahoo! News - Cisco Says Software Stolen, But No Damage Occurred

Topic: Computer Security
4:19 pm EDT, May 21, 2004

] "Cisco believes that the improper publication of this
] information does not create increased risk to customers'
] Cisco equipment," the company said in a letter to
] customers and partners posted on Wednesday on its Web
] site.

Let's hope they are correct. That leaked code is going to have many eyeballs parse it. The effects of a Cisco router worm are not something I'd care to see.

] Cisco said it does not appear the theft was the result of
] a vulnerability in any of its products, nor does the
] company believe it was the result of any action taken by
] an employee or contractor.

Any word on how the code leaked?

Topic: Computer Security
7:55 am EDT, May 11, 2004

How vulnerable is the United States to attack from cyberspace? How imminent is the threat? Many experts believe the clock is already ticking, and that America is already fighting a ... Cyberwar!

This PBS Frontline program recently aired on television. You can watch the full program (52 minutes) online in streaming video (QuickTime, Windows Media, Real Player).

cyber war!

Interz0ne3 Network Security Data Visualization

Topic: Computer Security
11:52 am EDT, Apr 20, 2004

The slides from Greg Conti's talk about Network Security Data Visualization are available here. Greg gave a very good talk. Many links and references to visualization tools.

knock - a port-knocking implementation

Topic: Computer Security
2:15 am EDT, Apr 15, 2004

knockd is a port-knock server. It listens to all traffic on an ethernet interface, looking for special "knock" sequences of port-hits. A client makes these port-hits by sending a TCP (or UDP) packet to a port on the server. This port need not be open -- since knockd listens at the link-layer level, it sees all traffic even if it's destined for a closed port. When the server detects a specific sequence of port-hits, it runs a command defined in its configuration file. This can be used to open up holes in a firewall for quick access.
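
The sequence matching described above, as an added example that is not knockd's own code and not part of the original post: a per-source state machine that reports when a source completes the knock within a time limit. The ports 7000, 8000, 9000, the 5-second limit, and the names KnockTracker and authorized_sources are assumptions for illustration; port-hits are supplied as tuples instead of being sniffed from an interface.

```python
from dataclasses import dataclass, field

@dataclass
class KnockTracker:
    sequence: tuple        # ports that must be hit, in this order (assumed values)
    seq_timeout: float     # seconds allowed between the first and the last hit
    progress: dict = field(default_factory=dict)  # src_ip -> (next index, first-hit time)

    def observe(self, src_ip, dst_port, ts):
        """Feed one port-hit; return True when src_ip has completed the sequence."""
        idx, started = self.progress.pop(src_ip, (0, ts))
        if ts - started > self.seq_timeout:
            idx, started = 0, ts              # too slow: discard partial progress
        if dst_port == self.sequence[idx]:
            idx += 1                          # expected next port
        elif dst_port == self.sequence[0]:
            idx, started = 1, ts              # wrong port, but it begins a new attempt
        else:
            idx = 0                           # any other port resets the source
        if idx == len(self.sequence):
            return True                       # the configured command would run here
        if idx:
            self.progress[src_ip] = (idx, started)
        return False

# Constructed sample port-hits: (timestamp in seconds, source IP, destination port).
SAMPLE_EVENTS = [
    (1.0, "198.51.100.7", 7000),   # client knocking correctly
    (1.2, "203.0.113.9", 7000),    # sequential sweep over the same port range
    (1.3, "203.0.113.9", 7001),
    (1.5, "198.51.100.7", 8000),
    (1.6, "203.0.113.9", 8000),
    (2.1, "198.51.100.7", 9000),
    (2.2, "203.0.113.9", 9000),
    (3.0, "192.0.2.44", 7000),     # right ports, but slower than the time limit
    (4.0, "192.0.2.44", 8000),
    (9.5, "192.0.2.44", 9000),
]

def authorized_sources(events, sequence=(7000, 8000, 9000), seq_timeout=5.0):
    """Return (timestamp, source IP) for every completed knock sequence."""
    tracker = KnockTracker(sequence, seq_timeout)
    return [(ts, ip) for ts, ip, port in events if tracker.observe(ip, port, ts)]

if __name__ == "__main__":
    for ts, ip in authorized_sources(SAMPLE_EVENTS):
        print(f"{ts:.1f}s: sequence complete from {ip}; configured command would run")
```

A fixed sequence travels in the clear and can be replayed by anyone who observes it, so the port it opens should still lead to a service that authenticates on its own.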

Insights into Information Security: Metasploit Releases 2.0 Framework

Topic: Computer Security
9:02 am EDT, Apr 14, 2004

From Randy Bias's blog. Click through for links..

] An earlier article touched on pen-testing, exploits, and
] the Metasploit Framework. A ZDNet article talks about the
] newly released Metasploit Framework version 2.0, which
] has powerful new abilities. One amazing new capability is
] a remotely loadable PERL interpreter; shown here in
] action.
]
] With only 240 bytes of shellcode payload you can open a
] local socket, make an outbound connection and download a
] full PERL interpreter to the exploited machine (~400K).

Again, there is a whole subset of skills I continue to feel fully justified in wasting no time developing. Given toolkits like this, much of the elbow work involved with crafting sophisticated attacks is not necessary. Someone else can construct the exploit, you can use someone else's tools for the first stage payload, and have the benefit of a high level language by the point it's time for anything unique. Sheesh.. Construction of weapons continues to get easier.

] This is a pretty amazing amount of power for both
] researchers and unfriendly hackers. The capabilities of
] these tools are just going to increase over time and
] seriously highlight the need for strong defense-in-depth
] capabilities. It takes a comprehensive security strategy
] to meet these increasingly sophisticated kinds of tools.
]
] There will undoubtedly be some debate about the propriety
] of releasing tools such as this, but realistically we can
] assume that tools like this already exist inside
] government agencies and other entities with deep pockets
] and an interest in taking this technology to the next
] level for their own purposes.

Kung-fu has been further automated. The bar continues to drop. Let's hear it for wind resistance in the face of full on freefall. Open source arms races..

RE: ACM Classic: Reflections on Trusting Trust

Topic: Computer Security
10:53 pm EDT, Apr 13, 2004

Jeremy wrote:

] The moral is obvious. You can't trust code that you
] did not totally create yourself.

If any discussion about secure computing platforms goes on long enough, this paper will come up. It's a flavor of Goodwin's law. Goodwindows law? Heh.. Good topic to spin into a pre-Interz0ne rant.

I agree with you in your bold, in that having code is not the end-all be all of trustworthy computing bases or anything like that. Some interesting things have been done with polluted compilers as well..

A long time ago, this was my motivation for knowing how to bootstrap a compiler and base OS. I guess that places a fair amount of trust in GNU, OpenBSD, or others, and many eyes making the difference. I attempted to make sure I understood the chain of dependencies necessary to make basic server type functions happen.

On a personal computing level, I suck. I own an Apple. For the record, that's giving in, not selling out. I don't care to take the time rolling my own of anything most of the time.. I just want it to work. However, if I ever found proof of my personal privacy trust being compromised by deliberate holes in my hardware or software, I would find myself very, very, very angry about it.

Matters of physical security in relation to software/hardware are another matter. It's just as easy, and more likely, to have your hardware compromised physically by any powers who would be powerful enough to pull the strings on deliberate pre placed software holes from vendors like Apple, RedHat, Sun, or Microsoft.

The "mad rogue coder with silver bullet" risk is less likely in the public (read: open source) sector by virtue of more review. I'd think so anyway. On the other end of things, you know the feds look over what they use.

If an intelligence agency such as the NSA found a serious deliberate hole in a piece of open code, I'd like to think that efforts to see it removed from the mainline branches would be taken, and an investigation started by other agencies to figure out how it got there. The source of such things would be a major concern, in the most general of ways. In that context I'd think that national security would have a larger focus. Keeping a hole secret would only make sense if you were the only one holding the secret, or knew definitively who the other holders were.

I'd like to think that our government would not be behind placing deliberate holes as well, but I'm also naive for breakfast. They were fans of key escrow type schemes in the past.

Someone _is_ keeping all the major distribution folks on their toes. I think I've seen a news story about "attempted breakins" on just about every major open OS's source distribution site, as well as other key pieces of code. People are aware of and do think about these type of code compromises.. From the perspective of joe hacker.

When it comes to trade craft, knowing is half the battle. The other half, ...

NANOG Security Curriculum

Topic: Computer Security
4:37 pm EST, Mar 26, 2004

] NANOG actively works to produce sessions and seminars to
] help foster security on the Internet. All sessions are
] taped and converted to streaming media for all to use for
] their personal education. Slides are available for each
] session as well. Over time, this effort has generated a
] valuable online tutorial for engineers and others seeking
] to learn more about running a more secure network.

Wow. NANOG has developed an awesome collection of security presentations for previous conferences.

RIAA to face MyDoom's music? | CNET News.com

Topic: Computer Security
5:23 am EST, Feb 23, 2004

] A variant of the MyDoom virus has started spreading,
] albeit slowly, and security experts expect it to target
] the main Web site of the music industry.
]
] The variant, MyDoom.F, deletes several different types of
] files stored on an infected computer and aims to attack
] the Web sites of Microsoft and the Recording Industry
] Association of America with a flood of data, antivirus
] companies said Friday.

So we are up to MyDoom.F now? It's only fitting that the RIAA wind up on the other side of some remix culture. I still don't like this whole virus threat evolution thing though. Someone is going to make a bad judgment at some point and set off something that's going to cause real problems.

The Hard Way to Learn That the Internet Is Not Disneyland

Topic: Computer Security
5:47 pm EST, Feb 8, 2004

Average Americans tend to see the Internet as safer and more secure than it is partly because they operate under a simplified notion of what the Net is.

Jeremy: As John Edwards might say, "Let's hear it for Average Americans!"

Me: No comment.

The cyberworld in which we live at the moment resembles the snarly Gibsonian version more closely than it does the harmless version put forth in commercials touting e-commerce. In this real cyberspace, skilled hackers attack large institutions including the federal government and equally brilliant ex-hackers try to fend them off. The two sides fight each other to a fragile standstill, break off, and go back at it again the next day. The realization that hackers sometimes win caused the Pentagon last week to cancel a plan that would have allowed military personnel and other Americans in 50 foreign countries to vote via the Internet.

The New York Times is tuning onto the same channel as Gibson.