Threat Intelligence

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Recently Commented

An Account of the Estonian Internet War

About a year ago after coming back from Estonia, I promised I'd send in an account of the Estonian "war". A few months ago I wrote an article for the Georgetown Journal of International Affairs, covering the story of what happened there. This is the "war" that made politicians aware of cyber security and entire countries scared, NATO to "respond" and the US to send in "help". It deserved a better understanding for that alone, whatever actually happened there. more

Coders, Crackers and Bots, Oh My!

There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself... Many of the hackers described in my previous post are also coders, or "writers," who create viruses, worms, Trojans, bot protocols and other destructive "malware" tools used by hackers... more

Black Hats, White Hats, Crackers and Bots

One of the other web sites I subscribe to is Stratfor. It's a global intelligence website and doesn't really have much to do with spam. But I like politics so I read it. They have some articles which you can get for free, but the better stuff you have to pay for. About two weeks ago, they ran a three-part series on Cyberwarfare. The first article was the title of this post, which you can access here (requires registration). In the article they described different types of cybercriminals and not-so-criminals which they referred to under the umbrella as "hackers." more

RIPE NCC Publishes Case Study of youtube.com Hijack

As you may be aware from recent news reports, traffic to the youtube.com website was 'hijacked' on a global scale on Sunday, 24 February 2008. The incident was a result of the unauthorised announcement of the prefix 208.65.153.0/24 and caused the popular video sharing website to become unreachable from most, if not all, of the Internet. The RIPE NCC conducted an analysis into how this incident was seen and tracked by the RIPE NCC's Routing Information Service (RIS) and has published a case study... more

The Future of Cyber Warfare

Every now and then I get emails from readers of my blog. I mostly reply to them in private, but I recently got one question where I thought my reply might be of general interest. I took the liberty of editing the question somewhat, but in essence it was: "If you have any insight you can share with my class on cyber warfare and security, I would be delighted on hearing it." In general, I think that it's an obvious conclusion that both offensive and defensive actions with regard to national telecommunications infrastructure is becoming an integral part of a nations security assessments.... more

Facebook Apps on Any Website: A Clever Move? Or a Security Nightmare?

Well, given the amount of malicious JavaScript, malware, and other possibilities to use Facebook (and other similar social networking platforms) for abuse, I certainly wouldn't categorize this news as a "clever move"... In fact, I foresee this as an extraordinarily short-sighted move with far-reaching security implications -- which will allow the levels of malicious abuse to reach new heights. more

Client-based WDS: Providing Application Acceleration in Mobile and VPN Environments

Wide-Area Data Services (WDS), aka "WAN Optimization" is becoming the most effective way to improve application performance while reducing network traffic. In scenarios where there is significant network latency that would otherwise render many applications unusable, WDS can deliver almost LAN-like speed. Where bandwidth constraints exist and there is no practical or economical option, WDS can help reduce network traffic, allowing you to postpone or avoid circuit upgrades altogether. The technology provides the ability to centralize applications and servers, furthering the cost savings on hardware, software licensing, maintenance and the operation of a distributed architecture. more

USA Today: Spam Is Bad

A reasonably well informed article in Thursday's USA Today reminds us that in 2004 Bill Gates said the spam problem would be solved in early 2006, but here at the end of 2007 there's more spam than ever. They go through a laundry list of problems of spambots, new kinds of PDF and MP3 spam, and phishing, and a list of of partial or non-solutions including filters, walled gardens, and an odd system called Boxbe, a hybrid of whitelists, challenge/response, and pay for delivery. Oh, and Bill says he never said spam would be solved... more

How Big is the Storm Botnet?

The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it? Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year... more

Spamford Wallace Gets Sued Yet Again

If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more

Let’s Be Careful Out There: Bogus Windows Domains

Last week, my colleagues over at Sunbelt Software discovered a bogus Windows domain being registered earlier this month (where the "w" in "windows" is actually two "v"s). Today, I've been alerted to the fact that are several additional Windows domains which have registered where the "w"s have been also been replaced with "v"s... more

VoIP/IP Telephony in Estonia: Disrupted by Botnets?

With my post earlier this month about the possibility of SIP botnets [also featured here on CircleID], I've had a number of people asking about more information and wondering about the possible impacts. And while I will write more on botnets in general, as far as the potential impact of "botnets" in general, one need only look over at the current situation in Estonia... Now, perhaps Russia is behind the attack... perhaps not. There are obviously much larger political issues going on between the two states. more

More on Broadband Router Insecurity and Being Proactive

Fergie replied on NANOG to my recent post on the subject of broadband routers insecurity: "I'll even go a step further, and say that if ISPs keep punting on the whole botnet issue, and continue to think of themselves as 'common carriers' in some sense -- and continue to disengage on the issue -- then you may eventually forced to address those issues at some point in the not-so-distant future..." He is right, but I have a comment I felt it was important - to me - to make. Not just on this particular vulnerability, but on the "war"... more

Broadband Routers and Botnets: Being Proactive

In this post I'd like to discuss the threat widely circulated insecure broadband routers pose today. We have touched on it before. Today, yet another public report of a vulnerable DSL modem type was posted to bugtraq, this time about a potential WIRELESS flaw with broadband routers being insecure at Deutsche Telekom. I haven't verified this one myself but it refers to "Deutsche Telekom Speedport w700v broadband router"... more

Domain Name Resale Market a Haven for Phishers?

In a recent article at TechWeb, the following observations were made: "Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers... Finnish-based F-Secure has identified more than 30 registered domain names for resale that would be of interest only to the legitimate holder of the trademark or to phishers..." more