Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that lead to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem. That said, here is what seems to be the agreed upon facts... more
The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more
This past week we have been seeing some heavy CNN spam -- that is, spam in the form of breaking news stories from CNN.com... These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know). Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages. However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet. more
It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to "riot", attacking Georgia. This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted -- but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination. more
In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. Although original plans entailed keeping the bug details undisclosed for 30 days in order to allow for necessary security patches to be implemented around the world, details of the bug were eventually leaked-and-confirmed 13 days after its public announcement. Even so, just hours ago in jam-packed ballroom during the Black Hat conference, Kaminsky delivered his 100-plus-slide presentation detailing the DNS flaw that, if exploited, could potentially "destroy the Web". more
Each SANSFIRE, the Handlers who can make it to DC get together for a panel discussion on the state of information security. Besides discussion of the hot DNS issue, between most of us there is a large consensus into some of the biggest problems that we face. Two come to mind, the fact that "users will click anything" and that "anti-virus is no longer sufficient". These are actually both related in my mind... more
New report released today finds 75 percent of malicious websites are from legitimate, trusted sources with "Good" reputation scores. According to the report, 60 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. more
On Tuesday July 8, CERT/CC published advisory #800113 referring to a DNS cache poisoning vulnerability discovered by Dan Kaminsky that will be fully disclosed on August 7 at the Black Hat conference. While the long term fix for this attack and all attacks like it is Secure DNS, we know we can't get the root zone signed, or the .COM zone signed, or the registrar / registry system to carry zone keys, soon enough. So, as a temporary workaround, the affected vendors are recommending that Dan Bernstein's UDP port randomization technique be universally deployed. Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I've heard plenty of complaints, and I've watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally... more
In the last few weeks we've seen two very different approaches to the full disclosure of security flaws in large-scale computer systems. Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London's Oyster card will soon be available to anyone with a laptop computer and a desire to break the law. These two cases highlight a major problem facing the computing industry, one that goes back many years and is still far from being unresolved. Given that there are inevitably bugs, flaws and unexpected interactions in complex systems, how much information about them should be made public by researchers when the details could be helpful to criminals or malicious hackers? more
Planning for a short trip to Hong Kong tomorrow reminded me of Jonathan Shea, something I wanted to blog about but was waiting for the hype around the new generic Top-Level Domains (TLDs) to cool down. Jonathan Shea is an old friend who is in-charge of ".hk". I had the pleasure to catch up with him in Paris ICANN meeting. Before Jonathan, let me talk about something related that happened in Paris. At the Cross Constituency Meeting, there was a presentation by the Anti-Phishing Working Group (APWG). In summary, they were proposing working with registries to take down domain names that are suspected to be involved in phishing. more
There are many companies in the spam-fighting business and most, if not all, claim to be hugely successful. Yet spam is exponentially more prevalent today than it was just 2 years ago. How can one conclude that today's anti spam solutions are working? This year spammers will use machine-generated programs to send trillions of unsolicited email. Thankfully, a new anti-spam technology has made its way into the market. more
ICANN has posted a request by Afilias for a new registry service in relation to "abusive" domains in dot-info. While in general the proposal is motivated by good intentions, the devil is in the details. While most folks (including myself) probably care very little about the .info TLD, my concern is that any bad implementation in .info might be copied or used as a precedent in other more important TLDs, in particular .com run by VeriSign. more
A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not? Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDOS extortion attacks and presumably other nasty things like identity theft. But consider this... more
Hong Kong domains are the most dangerous in the world; this little factoid from a recent McAfee report generated quite a bit of media coverage, and even made TIME magazine's top stories list. But all is not as it seems, and aspects of the report may have been out of date before the report was even published. McAfee's study seems to be based on a year's worth of data, and last year was a particularly bad year for the Hong Kong domain, thanks to a gang of botnet spammers registering thousands of domains under the .hk ccTLD. These domains were most likely registered using stolen credit cards... more
Jonathan Zittrain's recent book, The Future of the Internet -- And How to Stop It, has spurred a lot of discussion both online and offline, with blog posts lauding his insights or criticising his over-apocalyptic imagination. The book itself makes fascinating reading for those who have watched the network grow from its roots in the research community into today's global channel for communications, commerce and cultural expression... One of the reasons that Zittrain puts forward for the growing popularity of closed or, as he prefers 'tethered', devices, is that they are less vulnerable to hacking, security flaws, malware and all the other perils that face any internet-enabled system. more
A World-Renowned Source for Internet Developments. Serving Since 2002.