Current Topic: Computer Security

Analysis of the Green Dam Censorware System

Topic: Computer Security
4:02 pm EDT, Jun 12, 2009
This is truly amusing.

We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

Our brief testing proves that Green Dam contains very serious security vulnerabilities. Unfortunately, these problems seem to reflect systemic flaws in the code. The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf. These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack.

If Green Dam is deployed in its current form, it will significantly weaken China's computer security. While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing. This will be difficult to achieve before China's July 1 deadline for deploying Green Dam nationwide.

Topic: Computer Security
1:52 pm EDT, Jun 9, 2009
Company makes hosting software. Hosting software has 0day SQL Injection. Hackers exploit an entire hosting provider running the software and destroy 100,000 websites, 1/2 of which have no backups (shit!). Software CEO commits suicide. ... Damn. SQL injection kills...

Electricity Grid in U.S. Penetrated By Spies - WSJ.com

Topic: Computer Security
6:40 pm EDT, Apr 8, 2009
Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war. "The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians." The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."
The Chinese have been owning just about everyone lately. I can't help but think that the Kung Fu analogy wasn't the greatest of ideas. The CyberWar rages on...

40% of hard drives bought on eBay hold personal, corporate data

Topic: Computer Security
5:06 pm EST, Feb 12, 2009
A New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders on eBay contained personal, private and sensitive information.
Recently, Decius wrote: One must assume that all garbage is monitored by the state. Anything less would be a pre-911 mentality.

Think Progress » McCain campaign sells surplus Blackberries with ‘hundreds of emails,’ phone numbers still on them.

Topic: Computer Security
12:43 am EST, Dec 13, 2008
From ThinkProgress:
The Washington Post reported this week that the McCain campaign is selling surplus office and computer equipment. Reporters from Fox’s Washington, DC affiliate went over to the “fire sale” and bought several Blackberries from the campaign. When the Fox employees turned the devices on, they found that Blackberries still “contained more than 50 phone numbers for people connected with the McCain-Palin campaign, as well as hundreds of emails.” Contacted by Fox News, one of the former Blackberry owners said, “They should have wiped that stuff out. … Given the way the campaign was run, this is not a surprise.”

U.S. Is Losing Global Cyberwar, Commission Says - BusinessWeek

Topic: Computer Security
12:48 pm EST, Dec 8, 2008
The U.S. faces a cybersecurity threat of such magnitude that the next President should move quickly to create a Center for Cybersecurity Operations and appoint a special White House advisor to oversee it. Those are among the recommendations in a 44-page report by the U.S. Commission on Cybersecurity, a version of which will be made public today. The bipartisan panel includes executives, high-ranking military officers and intelligence officials, leading specialists in computer security, and two members of Congress. To compile the report, which is entitled "Securing Cyberspace in the 44th Presidency," commission members say they reviewed tens of thousands of pages of undisclosed documentation, visited forensics labs and the National Security Agency, and were briefed in closed-door sessions by top officials from Pentagon, CIA, and British spy agency MI5. From their research, they concluded that the U.S. badly needs a comprehensive cybersecurity policy to replace an outdated checklist of security requirements for government agencies under the existing Federal Information Security Management Act.

Group Posts E-Mail Hacked From Palin Account | Threat Level

Topic: Computer Security
8:44 am EDT, Sep 18, 2008
Vice-presidential candidate Sarah Palin's private Yahoo e-mail account was hacked, and some of its contents posted on the internet Wednesday. The internet griefers known as Anonymous took credit for the intrusion, and screenshots of e-mail messages and photos belonging to the Alaska governor have been published by WikiLeaks. Threat Level has confirmed the authenticity of at least one of the e-mails. "This is a shocking invasion of the Governor's privacy and a violation of law," Rick Davis, McCain-Palin campaign manager said in a statement. "The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them. We will have no further comment." FBI spokesman Brian Hale said, "The FBI is aware of the alleged hacking incident involving Alaska Governor Sarah Palin and is coordinating with the United States Secret Service on the matter." A fourth screenshot shows an e-mail sent to Ivy Frye, a Palin aide, from someone claiming to belong to the group Anonymous advising that the person has changed the password to Palin's Yahoo account to prevent other members of Anonymous from accessing it again. The e-mail includes the new password. Palin has come under fire for using private e-mail accounts to conduct state business. Critics allege that she uses the account to get around public records laws, as the Bush administration has also been charged with doing.

Introduction Scrawlr: a free Crawler + SQL Injector tool

Topic: Computer Security
2:58 pm EDT, Jun 25, 2008
Billy strikes again:

In response to all the Mass SQL Injection attacks this year, Microsoft approached HP and the Web Security Research Group (formerly SPI Labs) for assistance. While there was nothing they could patch, Microsoft wanted to provide tools to help developers find and fix these issues. After a month of development HP created Scrawlr.

Scrawlr (short for SQL Injector and Crawler) is a free tool that will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr was designed specifically to help protect against these mass injection attacks which are using Google queries to find older web applications and automatically inject them. As such, Scrawlr crawls a website using the same techniques as a search engine: it doesn’t keep state, or submit forms, or execute JavaScript or Flash. This Scrawl is finding and auditing the pages that would have been indexed by the search engines. To reduce false positives Scrawlr provides proof of the vulnerability results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!

Comcast Hijackers Say They Warned the Company First | Threat Level from Wired.com

Topic: Computer Security
1:24 pm EDT, Jun 2, 2008
The computer attackers who took down Comcast's homepage and webmail service for over five hours Thursday say they didn't know what they were getting themselves into. In an hour-long telephone conference call with Threat Level, the hackers known as "Defiant" and "EBK" expressed astonishment over the attention their DNS hijacking has garnered. In the call, the pair bounded freely between jubilant excitement over the impact of their attack, and fatalism that they would soon be arrested for it. Neither hacker would identify their full names or locations. Defiant's MySpace profile lists him in Cashville, Tennessee, but he says that's incorrect. His girlfriend lists herself in New York. Threat Level expects both hackers' names and locations will emerge shortly.
This is entertaining... One of those cases where you really gotta sympathize with the perps. It was a prank - fairly innocent. Egg on Comcast's face for getting outsmarted by a couple of teenage pot heads. Hope they don't throw the book at them. This isn't the mafia here.

Air Force Colonel Wants to Build a Military Botnet | Threat Level

Topic: Computer Security
3:26 pm EDT, May 12, 2008
Rob Kaufman, of the Air Force Information Operations Center, suggests mounting botnet code on the Air Force’s high-speed intrusion-detection systems. Defensively, that allows a quick response by directly linking our counterattack to the system that detects an incoming attack. The systems also have enough processing speed and communication capacity to handle large amounts of traffic. Next, in what is truly the most inventive part of this concept, Lt. Chris Tollinger of the Air Force Intelligence, Surveillance and Reconnaissance Agency envisions continually capturing the thousands of computers the Air Force would normally discard every year for technology refresh, removing the power-hungry and heat-inducing hard drives, replacing them with low-power flash drives, then installing them in any available space every Air Force base can find. Even though those computers may no longer be sufficiently powerful to work for our people, individual machines need not be cutting-edge because the network as a whole can create massive power. After that, the Air Force could add botnet code to all its desktop computers attached to the Nonsecret Internet Protocol Network (NIPRNet). Once the system reaches a level of maturity, it can add other .mil computers, then .gov machines.
This is so unbelievably stupid...