Several rumours from Google sources that China accessed Google's US-gov intercept system which provides Gmail subjects/dates
This was my suspicion when I read that the attackers had accessed "subject lines" from emails but not the content. It sounds like they got access to a system designed for use by law enforcement when they have "trap and trace" authority but not a warrant. Personally, I think email subject lines are not "routing information" and should require a warrant, but the matter hasn't been litigated to my knowledge and of course, law enforcement disagrees.
This is somewhat relevant to my Blackhat DC talk on lawful intercept vulnerabilities, but of course even if this is true, a totally different technology was involved...
Comcast Hijackers Say They Warned the Company First | Threat Level from Wired.com
Topic: Computer Security
1:24 pm EDT, Jun 2, 2008
The computer attackers who took down Comcast's homepage and webmail service for over five hours Thursday say they didn't know what they were getting themselves into.
In an hour-long telephone conference call with Threat Level, the hackers known as "Defiant" and "EBK" expressed astonishment over the attention their DNS hijacking has garnered. In the call, the pair bounded freely between jubilant excitement over the impact of their attack, and fatalism that they would soon be arrested for it.
Neither hacker would identify their full names or locations. Defiant's MySpace profile lists him in Cashville, Tennessee, but he says that's incorrect. His girlfriend lists herself in New York. Threat Level expects both hackers' names and locations will emerge shortly.
This is entertaining... One of those cases where you really gotta sympathize with the perps. It was a prank - fairly innocent. Egg on Comcast's face for getting outsmarted by a couple of teenage pot heads. Hope they don't throw the book at them. This isn't the mafia here.
Information overload. If you're responsible for maintaining your network's security, you're living with it every day. Logs, alerts, packet captures, and even binary files take time and effort to analyze using text-based tools - and once your analysis is complete, the picture isn't always clear, or timely. And time is of the essence.
Information visualization is a branch of computer science concerned with modeling complex data using interactive images. When applied to network data, these interactive graphics allow administrators to quickly analyze, understand, and respond to emerging threats and vulnerabilities.
Security Data Visualization is a well-researched and richly illustrated introduction to the field. Greg Conti, creator of the network and security visualization tool RUMINT, shows you how to graph and display network data using a variety of tools so that you can understand complex datasets at a glance. And once you've seen what a network attack looks like, you'll have a better understanding of its low-level behavior - like how vulnerabilities are exploited and how worms and viruses propagate.
You'll learn how to use visualization techniques to:
* Audit your network for vulnerabilities using free visualization tools, such as AfterGlow and RUMINT
* See the underlying structure of a text file and explore the faulty security behavior of a Microsoft Word document
* Gain insight into large amounts of low-level packet data
* Identify and dissect port scans, Nessus vulnerability assessments, and Metasploit attacks
* View the global spread of the Sony rootkit, analyze antivirus effectiveness, and monitor widespread network attacks
* View and analyze firewall and intrusion detection system (IDS) logs
Security visualization systems display data in ways that are illuminating to both professionals and amateurs. Once you've finished reading this book, you'll understand how visualization can make your response to security threats faster and more effective.
School: Did you really name your son Robert'); Drop Table Students;--?
Mom: Oh. Yes. Little Bobby Tables we call him.
School: Well, we've lost this year's student records. I hope you're happy.
Mom: And I hope you've learned to sanitize your database inputs.
HAHAHA! Sweet.
To be fair, you shouldn't sanitize user input, you should validate it.
Germany basically banned all "hacking tools." "Hacking tools" are not defined. This is having a spectacularly destructive impact on computer security research worldwide as German resources become unavailable and people are starting to avoid traveling there. (Image from this story.)
NBC Reporter with hidden camera in purse hoping to catch conference attendees committing to crimes (according to Defcon staff) flees Defcon 15 after being outed.
OMG FUCKING LOOOOOOLLLLL!!!!
For more information on this awesome totally ethical NBC program, see this.
I think DT handled that well. The role reversal that took place when the conference attendees were following her to her car was hilarious. "We just want to ask a few questions!"
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:
* Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
* Tracking phone calls placed by the user
* Manipulating the phone to place a call without the user accepting the confirmation dialog
* Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
* Preventing the phone from dialing
A fascinating IEEE Spectrum article on the incident in which lawful intercept facilities were hacked to permit the secret tapping of the mobile phones of a large number of Greek government officials, including the Prime Minister:
http://www.spectrum.ieee.org/print/5280
Hat tip: Steve Bellovin.
Perry -- Perry E. Metzger perry@piermont.com
This is worth reading. An operation leverages the "lawful intercept" features of telephone switches, combined with rootkit malware specifically designed for the switches, and a collection of corrupt employees for some very unlawful intercepts. One, possibly two deaths. One of the most sophisticated computer intrusions I have ever heard of. Most likely a state intelligence organization. Americans widely suspected.
CalicoPenny let us know about yet another "30 days" effort, this one to name the names of major companies infected with spam-spewing bots. Support Intelligence began the effort on March 28, out of frustration at not being able to attract the attention of anyone who could fix the problems at these companies.