Caffeinated Security

apache.org incident report for 04/09/2010

Thu, 15 Apr 2010 10:02:21 -0700

Apache.org services recently suffered a direct, targeted attack against our infrastructure, specifically the server hosting our issue-tracking software.

via blogs.apache.org

Great example of an incident report.

Permalink | Leave a comment »

SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0

Thu, 15 Apr 2010 09:48:24 -0700

Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries.

via scribd.com

Permalink | Leave a comment »

Google CEO: 'We're now paranoid' about security

Thu, 15 Apr 2010 09:43:56 -0700

"Our Web services and Web platforms will be inherently more secure" than alternatives, Schmidt said. "Hold us to this."

via news.cnet.com

Okay.

Permalink | Leave a comment »

Spy Network Pilfered Classified Docs From Indian Government and Others

Thu, 15 Apr 2010 09:38:57 -0700

The researchers say the spying is an example of a sophisticated shift that has occurred in malware networks from “what were once primarily simple to increasingly complex, adaptive systems spread across redundant services and platforms” and from ones that primarily focused on exploitation for criminal purposes to ones that are focused on “political, military, and intelligence-focused espionage.”

via wired.com

Permalink | Leave a comment »

Reaction to Cyber Shockwave

Thu, 15 Apr 2010 09:34:47 -0700

For me, the lesson of Cyber Shockwave is to first determine how your leaders think, then recommend policy actions. In the realm of digital security, this requires identifying what priorities your management places on digital security. With a better understanding of their thought process, you can tailor your message to match their strengths, weaknesses, hopes, fears, and biases.

via btsecurethinking.com

Permalink | Leave a comment »

DHS studying global response to Conficker botnet

Thu, 15 Apr 2010 09:29:27 -0700

One year after the Conficker botnet was front-page news around the world, the U.S. Department of Homeland Security is preparing a report looking at the worldwide effort to keep it in check.

The report, to be published within the month, shows how an ad hoc group of security researchers and Internet infrastructure providers banded together into an organization they called the Conficker Working Group. Its goal was to address what was at the time the world's most serious cyberthreat.

via networkworld.com

Permalink | Leave a comment »

TaoSecurity: Time and Cost to Defend the Town

Thu, 15 Apr 2010 09:23:53 -0700

Consider the following scenario. You're the mayor of a town. You need to decide how much of your budget to allocate to the fire department. To apply the most simplistic analysis to the problem, consider this scene. As mayor you give the fire chief a simple goal: "protect us from fires!" The fire chief asks you: "Mayor, on average, how fast do you want the fire department to respond to a fire?"

via taosecurity.blogspot.com

Permalink | Leave a comment »

Firefox plugin decodes malicious Web sites

Thu, 15 Apr 2010 08:17:29 -0700

A computer security researcher has released a plugin for Firefox that provides a wealth of data on Web sites that may have been compromised with malicious code.

The plugin, called Fireshark, was released on Wednesday at the Black Hat conference

via infoworld.com

Permalink | Leave a comment »

Germans Investigate H.P. Workers for Kickbacks - NYTimes.com

Thu, 15 Apr 2010 07:58:11 -0700

German authorities have arrested three people who worked for Hewlett-Packard as part of an investigation into alleged kickbacks paid in connection with a contract to supply equipment to Russian law enforcement.

via nytimes.com

Permalink | Leave a comment »

NSA director to testify at Senate hearing on cyber command unit

Thu, 15 Apr 2010 07:53:33 -0700

Alexander is set to testify before the Senate Armed Services Committee on Thursday but has already provided written responses to questions from lawmakers.

Among other things, he stated that, faced with a cyber attack, the military must be able to respond in kind. It is "reasonable to assume that returning fire in cyberspace" is lawful, as long as any actions comply with the laws of war, he said in a 32-page document.

via washingtonpost.com

Permalink | Leave a comment »

10 signs that you work in computer forensics « Happy as a Monkey

Wed, 14 Apr 2010 19:44:12 -0700

1. You can’t search Google or visit a web site without worrying about how it’d look to someone analysing your machine.

2. You get drunk and Google “normal-looking women with their clothes on” when your wife’s gone to bed.

3. Someone is explaining a scenario to you that’s reaching its end with “and then he asked ‘do you want me to turn on my webcam, so you can see my face?’, and I said ‘OK’, and…” and you spend the next five minutes laughing hysterically then apologising profusely.

4. None of your friends will lend you their camera memory card.

5. You’ve got the most powerful workstation out of all your geek friends, but you’re the only one who doesn’t game online with it.

6. People you meet at parties are interested when they hear your job title, then move away when you tell them how you actually spend your days.

7. You wake a sleeping computer by pressing the ’shift’ key.

8. You marvel at the tinyness of a 32GB microSD card, but are secretly thinking that you really need to start considering doing cavity searches on warrants

9. The salesman is showing you a high-tech washing machine, and you’re wondering how you’d get and analyse the data off it

10. You know at least one friend of a friend of a friend who always corners you to ask about the best wiping software.

via happyasamonkey.wordpress.com

Permalink | Leave a comment »

Naming and Shaming ‘Bad’ ISPs

Wed, 14 Apr 2010 19:40:37 -0700

I polled some of the most vigilant sources of this information for their recent data, and put together a rough chart indicating the Top Ten most prevalent ISPs from each of their vantage points.

via krebsonsecurity.com

Doesn't seem like we have a lot of defensive tools based on AS numbers, though.

Permalink | Leave a comment »

TaoSecurity: Forget ROI and Risk. Consider Competitive Advantage

Wed, 07 Apr 2010 08:02:55 -0700

I've decided that competitiveness is the new theme which I will use to justify my team's activities when discussing our mission with management.

via taosecurity.blogspot.com

Permalink | Leave a comment »

Microsoft runs fuzzing botnet, finds 1,800 Office bugs

Wed, 31 Mar 2010 20:03:01 -0700

"We call it a botnet for fuzzing," said Gallagher, referring to what Microsoft has formally dubbed Distributed Fuzzing Framework (DFF). The fuzzing network originated with work by David Conger, a software design engineer on the Access team.

Client software installed on systems throughout Microsoft's network automatically kicks in when the PCs are idle, such as on weekends, to run fuzzing tests "We would do millions of [fuzzing] iterations each weekend," Gallagher said -- up to 12 million in some cases.

via computerworld.com

Permalink | Leave a comment »

“It doesn’t matter how you define cyberwar,” says Amit Yoran | The New New Internet

Wed, 31 Mar 2010 10:43:03 -0700

Amit Yoran, CEO of NetWitness, has now joined the debate. In an article published in Forbes, Yoran looks to provide a bit more perspective to both parties involved in the debate. For Yoran, “it doesn’t matter how you define cyberwar or whether you believe we are currently at a state of cyberwar or not.”

Instead of focusing on this issue, Yoran believes that the focus should be on cybersecurity as not just a national security issue, but also an economic issue. Millions of dollars is stolen from the United States each month by cyber criminals.

via thenewnewinternet.com

I believe that Yoran is fundamentally wrong. Dealing with small criminals, organized crime, non-state ideologically-motivated actors, and nation-states all require different approaches in many areas.

Permalink | Leave a comment »

My SecTools

Wed, 31 Mar 2010 10:32:55 -0700

The MySecTools idea was born when a user sent an email to the handlers at the SANS Internet Storm Center , where I am a volunteer handler, asking about an updated version of Sectools.org, which is a great website.

I decided to create this site with my preferred Security tools, which will be in different sections, like Malware Analysis tools, Network tools,etc...

via mysectools.com

Permalink | Leave a comment »

Is the cyber threat overblown? | Stephen M. Walt

Wed, 31 Mar 2010 10:26:40 -0700

Am I the only person -- well, besides Glenn Greenwald and Kevin Poulson -- who thinks the "cyber-warfare" business may be overblown? It’s clear the U.S. national security establishment is paying a lot more attention to the issue, and colleagues of mine -- including some pretty serious and level-headed people -- are increasingly worried by the danger of some sort of "cyber-Katrina." I don't dismiss it entirely, but this sure looks to me like a classic opportunity for threat-inflation.
Mind you, I'm not saying that there aren't a lot of shenanigans going on in cyber-space, or that various forms of cyber-warfare don't have military potential. So I'm not arguing for complete head-in-the-sand complacency. But here’s what makes me worry that the threat is being overstated.

via walt.foreignpolicy.com

No, you're definitely not the only one.

Permalink | Leave a comment »

Excerpts from s.773 as introduced in the U.S. Senate: Cybersecurity Act of 2009 « Payment Card Security & IT Controls Explained

Wed, 31 Mar 2010 10:24:28 -0700

The following are interesting excerpts from S.773 that were of particular interest. I strongly suggest reading the full bill and the included comments, as this will be impactful to global information technology security controls in the near future.

via pcidss.wordpress.com

Permalink | Leave a comment »

ATA Secure Erase - ata Wiki

Fri, 26 Mar 2010 09:39:25 -0700

This procedure describes how to use the hdparm command to issue a Secure Erase ATA instruction to a target storage device. When a Secure Erase is issued against a SSD drive all its cells will be marked as empty, restoring it to factory default write performance.

via ata.wiki.kernel.org

Permalink | Leave a comment »

Law Enforcement Appliance Subverts SSL

Wed, 24 Mar 2010 14:14:28 -0700

That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think its means.

Normally when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website’s certificate to verify its authenticity.

At a recent wiretapping convention however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds designed to intercept those communications, without breaking the encryption, by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

The attack is a classic man-in-the-middle attack, where Alice thinks she is talking directly to Bob, but instead Mallory found a way to get in the middle and pass the messages back and forth without Alice or Bob knowing she was there.

The existence of a marketed product indicates the vulnerability is likely being exploited by more than just information-hungry governments, according to leading encryption expert Matt Blaze, a computer science professor at University of Pennsylvania.

“If company is selling this to law enforcement and the intelligence community, it is not that large a leap to conclude that other, more malicious people have worked out the details of how to exploit this,” Blaze said.

The company in question is known as Packet Forensics, which advertised its new Man-In-The-Middle capabilities in a brochure handed out at the Intelligent Support Systems (ISS) conference, a Washington DC wiretapping convention that typically bans the press. Soghoian attended the convention, notoriously capturing a Sprint manager bragging about the huge volumes of surveillance requests it processes for the government.

According to the flyer: “Users have the ability to import a copy of any legitimate key they obtain (potentially by court order) or they can generate ‘look-alike’ keys designed to give the subject a false sense of confidence in its authenticity.” The product is recommended to government investigators, saying “IP communication dictates the need to examine encrypted traffic at will” and “Your investigative staff will collect its best evidence while users are lulled into a false sense of security afforded by web, e-mail or VOIP encryption.”

Packet Forensics doesn’t advertise the product on its website, and when contacted by Wired.com, asked how we found out about it. Company spokesman Ray Saulino initially denied the product performed as advertised, or that anyone used it. But in a follow-up call the next day, Saulino changed his stance.

via wired.com

Permalink | Leave a comment »