March 2010______________________________________

Vodafone HTC Ships with Malware - (2010-03-09)

It's not a bug, it's a feature.

Cybercrime Pays - (2010-03-08)

According to the FDIC, online bank fraud netted over $120 million in the third quarter of 2009. Perhaps this is why Howard Schmidt claims cyberwar is "a terrible concept." The real threat in this day and age is cybercrime.

The Rise of Corporate Espionage - (2010-03-08)

The title of this book is no doubt inspired by John le Carré's "Tinker, Tailor, Soldier, Spy." The author of this review observes that: "spies and journalists have often had a symbiotic relationship. Generally, it involves the former using the latter to advance their interests."

Telescreens Everywhere - (2010-03-08)

"Sensor-Driven business models" as seen by the consultants at McKinsey.

Building a 97-Byte Executable - (2010-03-08)

Just how small can you make a legitimate Windows PE file?

At Ringside: DHS vs. NSA - (2010-03-05)

There's a Carlyle puppet running around yelling about "Cyber-War" on one side, and the new cybersecurity czar stating just the opposite on the other.

Why Intelligence Fails - (2010-03-05)

"The U.S. government spends enormous resources each year on the gathering and analysis of intelligence, yet the history of American foreign policy is littered with missteps and misunderstandings that have resulted from intelligence failures. In Why Intelligence Fails, Robert Jervis examines the politics and psychology of two of the more spectacular intelligence failures in recent memory: the mistaken belief that the regime of the Shah in Iran was secure and stable in 1978, and the claim that Iraq had active WMD programs in 2002."

Google's SCM "Wide Open" - (2010-03-04)

According to McAfee, no one at Google thought to secure the SCM that housed the company's source code. I guess they were too busy being brilliant. It also would have helped if the SCM's vendor (Perforce) used a secure-by-default installer.

Mariposa Herders Nabbed - (2010-03-02)

"Spain's Civil Guard said on Tuesday that it arrested three men suspected of running the so-called Mariposa botnet, named after the Spanish word for butterfly."

Damballa Contradicts McAfee - (2010-03-02)

Contrary to McAfee, which claimed the attacks were highly sophisticated, Damballa reports that: "While 'Aurora' was a very damaging attack that breached some of the most sophisticated networks in the world, it is a 'garden variety' botnet and can be traced back to July 2009, when the criminal operators first began testing."

RELATED: iSec has released a report on Operation Aurora.

Memory Models Used by Packers - (2010-03-02)

This article answers the question: "Why is the entry point section after unpacking in the section named UPX0?"

February 2010________________________________

Forensic Guides for Windows - (2010-02-28)

Presentation slides from Microsoft, marked "LAW ENFORCEMENT SENSITIVE INFORMATION – DO NOT SHARE THESE MATERIALS." These guides are actually a mixture of marketing, product documentation, and forensics.

UK Bill to Outlaw Open Wi-Fi - (2010-02-28)

Ahem. Good luck with that...

The Empire Strikes Back (At Cryptome) - (2010-02-25)

Microsoft submits (and then withdraws) a DMCA complaint against Cryptome, causing the site to go offline for a brief spell yesterday.

The Empire Strikes Back (At Waledac) - (2010-02-25)

"On February 22, in response to a complaint filed by Microsoft (“Microsoft Corporation v. John Does 1-27, et al.”, Civil action number 1:10CV156) in the U.S. District Court of Eastern Virginia, a federal judge granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals as the Waledac bot."

IBM Releases Threat Report - (2010-02-25)

If you've been following the news, there's nothing really that earth-shaking in this report: rogue PDFs, malicious links, and phishing are recurring attack vectors. The executive summary on this page is probably enough, don't bother jumping through all of the hoops needed to access the actual report.

Cyber Hacktivists In Latvia - (2010-02-24)

"Latvian officials struggled Wednesday to come to grips with an enigmatic group that stole millions of classified tax documents from government computers in a purported effort to expose waste and graft in Europe's weakest economy."

Michael McConnell Does a Rain Dance - (2010-02-24)

It goes without saying that protecting our networks will require a large payment for services rendered by Booz Allen Hamilton...

Too Much Data (Even for Big Brother) - (2010-02-23)

“The T.I.A. tools crashed. They were simply incapable of processing so much information in real time. Like balloons affixed to a fire hydrant, they burst.”

FTC Reports Widespread Data Breaches - (2010-02-23)

"The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud."

Detection of Metamorphic Malware - (2010-02-19)

Another academic paper on an emerging malware tactic. This piece has good introductory material for people unfamiliar with this practice.

Malware Checks for VMs - (2010-02-18)

"In this paper, we present a technique that efficiently detects when a malware program behaves differently in an emulated analysis environment and on an uninstrumented reference host."

Details on the "Kneber" ZeuS Botnet - (2010-02-18)

"On Tuesday, January 26th, 2010 as part of routine analytic tasks related to an evaluation of an enterprise network, NetWitness discovered 75+ gigabyte [sp?] of stolen data the result of the activities of an unknown miscreant using a large botnet to control and monitor more than 74,000 compromised PCs."

"Miscreant?" Oh, that's rich. As you might expect, attribution details are sketchy at best. The Wall Street Journal has blamed the attack on "hackers in Europe and China."

Dick Destiny (aka George Smith) offers a succinct reality check:

"Typically, though, big or splashy news of government intrusions — the best scare stories — are now furnished almost entirely by vendors because vendors control the business of computer security in the US government."

USSS NITRO course - (2010-02-16)

The entire U.S. Secret Service Network Intrusion Responder Program (NITRO) Course. Nothing really that earth-shaking. In fact, you'd probably get a more in-depth foundation from publicly available books that you can order from Amazon (e.g. Carvey, Carrier, Bejtlich, etc.).

Hardware Anti-Virus From Kaspersky - (2010-02-15)

"The patented device is installed between a drive (hard drive or SSD) and the computing unit (CPU and RAM) and is connected to the system bus or integrated into the disk controller. The hardware antivirus solution allows or blocks writing data to disk, providing threat alerts and information about its operation to the user (user dialog is possible if the hardware antivirus control utility is installed on the PC). The device can work on a standalone basis or in conjunction with a software antivirus application."

This solution is part of a trend that's emerged over the past couple of years. Software vendors attempt to defend sensitive code by placing it in a fortified execution environment that's hardware-based (e.g. the Root operating mode used by Intel's VT stack, Intel's Active Management Technology, etc.). This is all nice and well...until malware somehow gains entrance into these restricted areas.

Despite the implication that it is rootkit-proof, if this device interacts in any way with the host system, then it's vulnerable to subversion. We saw a graphic illustration of this years ago when Joanna Rutkowska demonstrated how to undermine hardware-based memory acquisition on the AMD platform. The notion that retreating to hardware offers bullet-proof security is flawed because hardware doesn't exist in isolation.

The company's press release further asserts that:

"Since it is implemented on the hardware rather than software level, the technology is not dependent on the operating system's configuration and can effectively combat malicious programs that elevate their privileges in the system, e.g., dangerous malware such as rootkits."

Does a rootkit really need to touch disk storage in order to elevate its privileges? What about memory-resident rootkits?

PhD Thesis on Obfuscation - (2010-02-15)

A draft of Gregory Wroblewski's dissertation. It's a bit on the analytic side, which is to be expected with this sort of publication.

Rootkit Suspected in Recent BSoD Issues - (2010-02-12)

Microsoft has confirmed that XP users who installed the KB977165 patch, which was intended to address a flaw in the kernel that allowed escalation of privilege, may experience STOP errors during startup if their machines have been compromised by malware. For the time being, the official company line is: "malware on the system can cause the behavior." Microsoft has failed to offer further details as to the exact nature of this malware.

A system administrator by the name of Patrick Barnes believes that the TDSS rootkit is to blame. If you have been rooted, Kaspersky offers a tool that can remove TDSS.

UPDATE: Microsoft has officially identified the Alureon rootkit as the culprit.

Eurocard Mastercard Visa Cracked - (2010-02-11)

Cambridge University researchers use a man-in-the-middle attack to subvert the two-factor authentication mechanism known as "Chip and PIN."

US Leads In Hacked Web Pages - (2010-02-11)

According to its 2010 Threat Report, Sophos claims that "the USA is still the dirty man of the web world - hosting more dangerous infected websites than any other country." According to the company's findings, roughly 37% of all compromised web sites are hosted here in the States.

Though, I would add that hosting a site whose content has been compromised and running a bullet-proof ISP are two different things. In the latter case, there's no doubt that China and Russia lead the pack.

L0pht Member Hired By DARPA - (2010-02-10)

"Peiter Zatko--a respected hacker known as 'Mudge'--has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks."

Cyrus: Can you dig it?

When Botnets Collide - (2010-02-10)

The Spy Eye botnet toolkit includes a "Kill Zeus" feature that users can enable. According to this article, the toolkit sells for $500 on the black market. I suppose you could find a bug in Google's Chrome browser and use the proceeds to buy Spy Eye.

Former Boeing Engineer Guilty of Spying - (2010-02-09)

Dongfan "Greg" Chung, a Chinese-born engineer, gets 15 years on six counts of economic espionage that span a 30-year period.

Google's Bug Bounty Too Low - (2010-02-09)

"I think it's ridiculous," says Charlie Miller, "It's insulting. It's so low."

"If I did find a bug in Chrome, I could sell it to the Zero Day Initiative and make $2,000 and it still gets reported to Google eventually, so why would I give it to Google for $500? It doesn't make sense."

TPM Chip Compromised - (2010-02-09)

Christopher Tarnovsky demonstrates how to crack TPM chips via physical access at Black Hat DC 2010.

Using Static Analysis to Find Bugs - (2010-02-07)

If attribution is a lost cause, maybe this is one avenue towards better software. This is a particularly readable article on a subject which can be rather dry if you stick to just the journal articles.

More Accusations Against China - (2010-02-05)

A leaked MI5 document accuses intelligence officers from China of giving rigged electronic devices to UK businessmen.

Cybersecurity Bill Passes - (2010-02-05)

Congress passes The Cybersecurity Enhancement Act, H.R. 4061.

Annual Threat Assessment from the DNI - (2010-02-05)

Bruce Schneier's Response.

Richard Bejtlich's Response.

Schneier on Attribution - (2010-02-05)

"Mandating universal identity and attribution is the wrong goal. Accept that there will always be anonymous speech on the Internet. Accept that you'll never truly know where a packet came from. Work on the problems you can solve: software that's secure in the face of whatever packet it receives, identification systems that are secure enough in the face of the risks. We can do far better at these things than we're doing, and they'll do more to improve security than trying to fix insoluble problems."

January 2010_________________________________

CSIS Study Funded By McAfee - (2010-01-29)

This survey queried 600 IT executives from 14 countries and focuses on threats to infrastructure targets. Keep in mind that this report is just that: a survey. It's interesting to note that respondents believed that the United States and China were the most likely countries to perform infrastructure attacks.

The timing of this report is also remarkable as is the alarmist tone that it adopts (as if to gauge public susceptibility to cyber-hysteria).

Studies in Intelligence - (2010-01-27)

Unclassified extracts from Studies in Intelligence Volume 53, Number 4 (December 2009)

Digital DNA - (2010-01-27)

DARPA searches for a way to identify hackers by their trail of bits. Cutting-edge anti-forensics will no doubt render this pointless. As one reader commented: "a very sophisticated hacker (or gov agency) could fake a lot of this stuff and frame someone else." This is one reason why attribution is such a big deal when it comes to cyber attacks.

Having said that, read the following article about the office of strategic deception that the DoD wants to create.

The Pentagon Wants Better Strategic Deception - (2010-01-27)

"To be effective, a permanent standing office with strong professional intelligence and operational expertise needs to be established."

The Cult of Cyberwar - (2010-01-22)

"Is there really one person who knows exactly what the Chinese are doing to attack America in cyberspace all the time? If you read the US newsmedia and take it very seriously, you'd think so."

Aurora Forensics - (2010-01-21)

It looks like whoever implemented the Google hack was comfortable reading simplified Chinese (though this could very well be an anti-forensic measure). As Richard Bejtlich has observed, and rightly so, malware analysis is NOT attribution.

Aurora's (Not-So) Covert Channel - (2010-01-21)

Some analysis done by McAfee on the communication channel used by the code that recently found its way onto Google's servers.

Rootkits Hit The Mainstream - (2010-01-21)

A NYTimes article that touches on rootkit-related topics (e.g. concealment, command & control, and covert channels).

Congress Does It Again - (2010-01-19)

Legislators propose a bill that would block US companies from working with the US government. Hypocrisy in action.

Articles on BIOS Reversing - (2010-01-19)

Run silent, run deep.

The Geek Shortage Myth - (2010-01-18)

This article from Wired talks about DARPA's effort to bolster national security by encouraging students to choose technical majors. This implies that the existing "shortage" is due to a general lack of interest.

The reality is that nothing could be further from the truth. There's no shortage of technical talent in the United States. In fact, if you follow the research done by Computer Science Professor Norman Matloff, you'd see that there's more likely a glut of computer science PhDs. Couple this with the emergence of offshore outsourcing and the H-1B program, both of which push demand and wages down, and it should come as no surprise that fewer students are choosing to study computer science.

The Utility of Security Databases - (2010-01-15)

According to former CIA analyst Ray McGovern:

"Cui bono? Think the contractors who create marvelous databases — and the mindset of: the-more-contractors-and-databases-the-merrier...Think also of snake-oil salesmen like former Justice Department and Homeland Security guru Michael Chertoff, who could not resist the temptation over the past several days to keep hawking on TV the full-body scanners marketed by one of the Chertoff Group’s clients."

Das System ist veraltet! - (2010-01-15)

Der Spiegel has published a story about German hackers who've cloned airport security cards.

HITB Magazine. Vol. 1, Issue 1 - (2010-01-11)

Hack In The Box has decided to make its e-zine available for free.

Bad Intel - (2009-01-10)

A report from the Center for a New American Security (CNAS), another DC-based think tank, that offers some recommendations on how to fix our intel apparatus.

ITRC Data Breach Report - (2010-01-10)

ITRC collects information about data breaches made public via reliable media and notification lists from various governmental agencies. According to ITRC's 2009 report, malicious attacks (e.g. Hacking and Insider Theft) have taken the lead (36.4%) over human error (Data on the Move and Accidental Exposure, 27.5%).

App Sandboxing: The Last Line of Defense - (2010-01-10)

Dino Dai Zovi expounds on the merits of application-level sandboxing (he spoke about this last year during an interview with Tom's Hardware).

Dog Eat Dog - (2010-01-10)

Hackers steal data from a criminal of a different sort: Robert Allen Stanford.

Transforming Shellcode - (2010-01-10)

A tool called ALPHA3 that compiles shellcode into a stream of alphanumeric bytes.

The FBI's "Dead" List - (2010-01-04)

A list of roughly 17,000 people who are likely to have FBI files. All have two things in common: all were prominent in some way, and all are now dead.

The "VIP" List - (2010-01-04)

A list of some 3,000 prominent former military service men and women whose service records may be obtained under the Freedom of Information Act.

Data Leak Statistics For Massachusetts - (2010-01-04)

"One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years."

Ten Years of Cyber-crime - (2010-01-03)

Highlights from the past ten years, courtesy of Wired magazine.

Bombs Placed in an Uncomfortable Spot - (2010-01-01)

Life imitates art, per the Joker's ruse in The Dark Knight. Though, to be honest, the Joker's idea showed greater planning.

December 2009_______________________________

Data Leak Impacts 32 Million Users - (2009-12-31)

Credentials were stored in an unencrypted format!

Malware Analysis: A Systematic Approach - (2009-12-31)

A Master's thesis by a Norwegian student (in English).

Botnet Help Desks - (2009-12-31)

Proof that the criminal ecosystem is evolving and growing.

Related: Wired has a similar article that focuses on underground detection services.

ITL Presents Another TXT Attack - (2009-12-29)

Another hardware hack from Invisible Things.

Cracking GSM - (2009-12-29)

The GSM algorithm used to protect mobile phone traffic offers only weak security.

The Offensive Approach to Botnets - (2009-12-29)

"By cutting off the botnet's pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down."

Related: McAfee predicts that botnets will go peer-to-peer to defend against this attack.

ITL Hacks TXT - (2009-12-24)

Rutkowska finds a way to attack Intel's Trusted Execution Technology. Intel has responded.

RAM Scrapers: The New Key Loggers - (2009-12-24)

Black Hats find a way to subvert forensic tools to collect data.

Malware Lineup - (2009-12-24)

A report by AV-Comparatives that examines how well 16 different AV products do in terms of heuristic detection. Caveat emptor.

Accessing the Kernel from Userland - (2009-12-22)

"NtSystemDebugControl(), despite being undocumented, has been known for many years. It provides simple functions such as reading from and writing to any location within the kernel memory. And this is exactly what a piece of malware needs to manipulate kernel objects."

Related: Hiding injected modules.

Espionage Manual - (2009-12-22)

Part-2 Part-3

Related: This guy probably should have read the manual.

Hacker Nabbed by Italian Police - (2009-12-22)

"Italian police Friday arrested an alleged hacker with links to organized crime in the Naples area who is accused of defrauding banks and mobile phone operators out of several million dollars."

Hacking EC2 - (2009-12-22)

"In the end, they succeeded in placing malicious virtual machines on the same servers as targets 40 percent of the time, all for a few dollars."

Insurgents Intercept Drone Video Feeds - (2009-12-22)

All it took was a $26 tool to undermine an insecure billion-dollar technology ...

Related: Wired has a story on this also. "Military officials have known about this potential vulnerability since the Bosnia campaign. That was over 10 years ago."

Citibank Attacked By Cyber Gang - (2009-12-22)

I've said it once and I'll say it again: cybercrime (not cyberwar) is the clear and present danger. Hackers using IP addresses previously employed by the Russian Business Network gang have apparently stolen tens of millions from Citibank.

Related: Details on yet another series of fraudulent withdrawals from Citibank.

Document on CIA Drug Testing - (2009-12-20)

From the folks at the New York Times.

How to Overthrow An Entrenched Power Structure - (2009-12-20)

The Civil Rights Movement offers a useful example of how this can be done in practice.

Someone Stole US-South Korea War Plans - (2009-12-20)

The attackers used an IP address allocated to a machine in China. Remember what I've said about attribution...

FBI Foils Bank Attack - (2009-12-12)

"With the increased connectivity in countries that heretofore didn't have that amount of access, and the technological advances made in corporate America that have put vulnerable financial information online, it's been the perfect storm."

Scareware Pays - (2009-12-12)

According to the IC3, to the tune of $150 million.

Basic Spy Tradecraft For Travelers - (2009-12-12)

A manual written by one of the few people to be trained by both the CIA and the KGB.

Part 01 Part 02 Part 03 Part 04

Botnet Invades Amazon EC2 Cloud - (2009-12-12)

"Variants of this malware have been linked to more than $100 million in bank fraud in the past year."

SQL Injection Attack Affects More Than 132,000 Servers - (2009-12-12)

"The injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan."

Bypassing Biometrics - (2009-12-12)

"Japanese police suspect Chinese brokers of taking huge sums to modify fingerprints surgically."

IRS Phishing Scam Diverts $100,000 - (2009-12-12)

"Maxim Maltsev, 24, of the Siberian city of Novosibirsk ... used a spam campaign to trick people into submitting their tax returns to his fake e-filing site."

Reports from Verizon's Forensics Team - (2009-12-12)

2009 Report 2009 Supplement

John Young Does it Again - (2009-12-12)

Check out the recently leaked TSA document, with the little black squares removed...

McAfee Maps Malicious Domains - (2009-12-04)

Cybercriminals target regions where registering sites is cheap and convenient, and poses the least risk of being caught.

ISP Lawful Interception (Spying) Guide - (2009-12-04)

An interesting look at corporate procedures, courtesy of John Young.

Are You Sarah Connor? - (2009-12-04)

For the first time in history, a civilian intelligence agency is using robots to carry out a military mission, selecting people for killing in a country where the United States is not officially at war.

November 2009________________________________

The Cyberwar Money Train - (2009-11-30)

"The initiative is the latest by a major U.S. defense contractor aimed at hatching solutions to cyber threats at a time that big-ticket weapons programs are being squeezed by cost-cutting imperatives."

EasyHook - (2009-11-30)

An open source project that "supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C#."

English Shellcode - (2009-11-24)

This is a cool idea: recast shellcode so that it looks like non-executable content (e.g. written English).

Control "Monitoring" is Not Threat Monitoring - (2009-11-24)

Another superb reality check by Richard Bejtlich. Performing a compliance audit should not be seen as a substitute for detecting, and responding to, intrusions.

To understand the "control mindset," which emphasizes compliance as a measure of security, read the following GAO report.

Cryptome Takes Down COFEE - (2009-11-22)

John Young thumbs his nose at Microsoft, at least for a while.

The NSA Works on Windows 7 - (2009-11-19)

"The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit."

The Cyber Coldwar - (2009-11-19)

A report on a report by McAfee.

I appreciated the author's admission that: "Because pinpointing the source of cyberattacks is usually difficult if not impossible, the motivations can only be speculated upon, making the whole cyberwar debate an intellectual exercise at this point."

Remember this the next time a politician starts pointing fingers...

Advice From the NSA's Info Assurance Director - (2009-11-19)

“We believe that if one institutes best practices, proper configurations [and] good network monitoring that a system ought to be able to withstand about 80 percent of the commonly known attack mechanisms against systems today."

In other words, there's not much you can do to protect yourself against 20 percent of the commonly known attack vectors.

Botnet Toolkit For Sale - (2009-11-19)

A couple of 20-year-olds who used this kit are pinched by British authorities.

How Do You Subvert CALEA Wiretaps? - (2009-11-16)

Easy: use DDoS technology...

The PSP2-BBB Trojan - (2009-11-16)

This malware collects credentials by injecting a page within a customer's browser session (a "man-in-the-browser" attack).

Microsoft's Forensic Tool (COFEE) is Leaked - (2009-11-11)

As one reader commented: "Won’t be long before DECAF is released."

Inside Trojan.Clampi - (2009-11-11)

A rootkit tour from the folks at Symantec.

HookSafe: Detecting Rootkits with a Hypervisor - (2009-11-11)

This article highlights a trend that I've noticed recently: vendors try to defend against malware by putting code in specially dedicated regions of a machine's execution environment. This is all nice and well, until malware finds a way to sneak into these fortified regions.

Imagine a national government that, in an effort to combat organized crime, forms a covert agency that operates above the law and can sidestep the normal constraints of due process. Now, suppose what could happen if this covert agency went rogue ...

Related: Slides on creating a secure VM.

Eastern Europeans Nabbed in $9 Million Hack - (2009-11-11)

A ring of hackers from Estonia, Russia, and Moldova is charged with using counterfeit debit cards to steal a nice chunk of change from RBS WorldPay, which is a part of the Royal Bank of Scotland. Again, despite all of the dire warnings about cyberwar, cybercrime proves to be the clear and present danger.

Related: Wired Magazine also has an article about this.

Related: Additional details can be found at ThreatPost.

Former DEA Agent Forces Government to Fold - (2009-11-11)

Richard Horn claims that the CIA spied on him in the 1990s in order to discredit the DEA's work in Burma. Now, why would the CIA do that? Furthermore, why would the US Government agree to settle to the tune of $3 million?

The Mossad Uses a Rootkit - (2009-11-04)

This sort of story usually doesn't make it into the news.

CIA Manual - (2009-11-04)

A CIA publication from the 1960s. The primary author was a magician...

Cybercrime (Not Cyberwar) - (2009-11-04)

The FBI reports a dramatic increase of attacks aimed at stealing banking credentials belonging to small and medium-sized businesses.

Accidental Disclosures in The Internet Era - (2009-11-04)

A confidential document listing politicians under investigation by the House Ethics Committee is "leaked" to a peer-to-peer file-sharing network.

Availability versus Security - (2009-11-01)

President Obama announces $3.4 billion in grants to spur the development of the "smart grid." Compare this to the $18.8 million offered to secure the grid...

State-Level Homeland Intel - (2009-11-01)

The CIA ponders "a single, integrated intelligence enterprise with well-defined lanes-in-the-road for each large complicated state."

Three's Company - (2009-11-01)

US-CERT, the NCC, and the NCSC all move into a "unified operations center." Ostensibly this will encourage communication.

October 2009__________________________________

Hardware Rootkits - (2009-09-29)

The more we rely on technology that's designed and manufactured outside the US, the more vulnerable we become to some country that decides to add a little "special sauce" to their chipsets...

Give 'em Hell, Bejtlich - (2009-09-29)

Richard Bejtlich offers a scathing rebuttal to an article in the latest issue of Federal Computer Week.

Routers Remain Vulnerable - (2009-10-26)

Not even network appliances (which are supposed to be more secure than similarly configured PCs) are safe. Why can't they build something secure? Because customers want cheap products.

Another Job Board Hacked - (2009-10-26)

This time the Guardian falls prey. Be careful where you post your resume...

Metasploit Acquired - (2009-10-26)

Another legendary open source effort is swallowed up by the suits.

Skimming, Trapping, and The Lebanese Loop - (2009-10-23)

ATM bandits in Europe find new ways to steal credentials.

The Epicentre of E-mail Scammers - (2009-10-23)

That would be Nigeria...

A Higher Form of Killing - (2009-10-20)

Welcome to the new era of warfare. This is an excellent article from the New Yorker.

Defending Against a DDoS - (2009-10-17)

Punchline: there is no easy answer.

Browse and Get Owned - (2009-10-17)

Microsoft patches Firefox via Windows Update, with less than admirable results.

The Matasano C++ Challenge - (2009-10-17)

"The Matasano Security blog recently posted an article titled A C++ Challenge which included a particularly ugly piece of C++ code that has a security vulnerability. The challenge is for the reader to find the vulnerability, use it to execute arbitrary code, and submit the data to Matasano."

Frontline: Obama's War - (2009-10-15)

"What we found on the ground was a huge exercise in nation building, ... The concept's become a bit of a dirty word, but that's what this is. We started with the goal of eliminating Al Qaeda, and now we've wound up with the immense task of re-engineering two nations."

The Library of Babel - (2009-10-15)

James Bamford, author of The Puzzle Palace, reviews yet another book about the NSA.

Focus on Intel and Investigation - (2009-10-11)

Bruce Schneier points out that resources spent defending specific targets could be put to better use if we simply went after the bad guys directly. Don't wait for them to strike, go out and identify them before they get the chance. Amen.

Nearly 100 Charged in ID Theft Scheme - (2009-10-11)

Again, cybercrime (not cyberwar) stands out as the dominant threat. The FBI reports that this is the largest number of defendants ever charged in a cybercrime case.

Related: Van T. Dinh pleads guilty to rooting a currency exchange service in New York and adding more than $100,000 to his account.

Related: An article from the WSJ that echoes this point. Cybercrime, not cyberwar.

How Low Will Malware Go? - (2009-10-11)

An overview of hardware-level infestation from the HiTB conference.

The Power of Texting - (2009-10-06)

Texting has become such a decisive technology that the authorities have started targeting people who utilize it to coordinate protestors.

Infiltrating The Mebroot Botnet - (2009-10-06)

Researchers from UCSB reverse engineered the botnet's domain name generation algorithm and then registered those domains to capture traffic from infected machines.

Thought Control in Economics - (2009-10-04)

A "radical" economics professor at Wellesley takes on the foundations of the mainstream.

The Nature of Identity Theft - (2009-10-04)

"Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information."

Related: How much is your credit card info worth?

Meet the URLZone Trojan - (2009-10-04)

Details on this malware from Finjan.

Related: a report from Finjan that describes the basic workflow of online bank fraud.

Steps Towards OS Verification - (2009-10-04)

Verifying the seL4 microkernel involved mathematically proving the correctness of about 7,500 lines of code, in a project that took an average of six people more than five years.

Automated Whitebox Testing - (2009-10-04)

An academic paper from Microsoft Research.

September 2009________________________________

Botnet Case Study from Damballa - (2009-09-25)

"It's worth noting that the majority of the botnets in play by cyber-criminals are in fact small ones."

Related: there's an article about this presentation here.

Finding Hidden Bugs in Anti-Virus Drivers - (2009-09-25)

Sometimes even the Warden has his zipper down...

FBI Data-Mining - (2009-09-24)

Total Information Awareness, here we come!

NYPD Intel Division Gets Double-Crossed - (2009-09-24)

According to reports, the Intel division at the NYPD was working with an Imam who turned out to be a double agent.

Ode to Dr. Strangelove - (2009-09-21)

A doomsday device was actually built by the Soviets during the Cold War.

Mercenaries In Iraq - (2009-09-18)

In light of this article, Niccolò Machiavelli's comments in The Prince seem appropriate.

The Work of a Nation - (2009-09-18)

A bit of an odd title, this is a promotional publication from the CIA.

Government Policies for Execs Visiting China - (2009-09-16)

"I was advised by people in three-letter agencies in the US Government to weigh the machine before I left and when I got back."

More Cyber-Robbery - (2009-09-16)

Cyber-theft (not cyber-war) again rears its head as the dominant threat.

E-mail and Web Apps - (2009-09-15)

A report from SANS that points out primary attack vectors in the enterprise.

Anatomy of a PDF Exploit - (2009-09-15)

Another example that demonstrates the tension between the desire to add features and provide security.

Attacking the US Power Grid - (2009-09-15)

This paper examines power grid attacks and the ability to produce cascading failures. It's a bit on the abstract side...

Low Hanging Fruit - (2009-09-14)

As in any ecosystem, the weaker members of the pack are sought out by predators. This is one reason why local commercial banks are attractive targets for carders.

Age-Old Rivalry - (2009-09-12)

The CIA and the DEA have a long history of stepping on each other's toes. One agency pursues high-level offenders, and the other agency ...

Controlling the Global Economy - (2009-09-12)

Yet another essay on rich guys who get together and talk. As Noam Chomsky has observed, there isn't much you can do about this. It's far more productive to focus on things that we, as voters, can hope to influence: like our political institutions.

Related: The role of international capital in the recent mortgage crisis. "This American Life," from Chicago Public Radio, offers an excellent synopsis of what happened and why.

C2 Through Google Groups - (2009-09-12)

This isn't necessarily bleeding edge, but it's a move towards covert channels.

Crooks Bypass Bank's Two-factor Authentication - (2009-09-10)

Intruders compromise a bank's internal system to initiate bogus transfers to money mules. Again, cyber-crime trumps cyber-war as a threat.

A Matter of Scale - (2009-09-10)

The world's highest-volume spam-sending botnet can pump out 90,000 emails per hour.

FBI Investigation Techniques - (2009-09-09)

A monograph from 1961 that focuses on "unusual" methods.

Inside the Waledac Botnet - (2009-09-08)

An excellent write-up by Gilou Tenebro that provides an overview of how this botnet works and what it does.

Meet the New Class (Same as the Old Class) - (2009-09-08)

An interesting blog entry from Bruce Schneier. Though I would argue that an emerging class of global actors (smugglers, warlords, terrorists, and bandits) isn't necessarily a recent development. Back in the 1800s, the world saw history's most successful narco-state: the British Empire. To see what I'm talking about, read up on the British colonization of Hong Kong.

The Global Katrina - (2009-09-07)

A study by an EU Think Tank that endorses "shielding the global rich from the tensions and problems of the poor." Let them eat cake...

The World's Leading Weapons Supplier - (2009-09-07)

"The United States signed weapons agreements valued at $37.8 billion in 2008, or 68.4 percent of all business in the global arms bazaar."

John Doe Has The Upper Hand - (2009-09-07)

Step right up and rent a botnet capable of performing a 10-100 Gbps DDoS attack... for only $200 a day.

As Richard Bejtlich laments: "Someone please tell me how much it costs to provision equipment and services sufficient to sustain network operations during a 10-100 Gbps DDoS attack. I bet it is much more than $200 per day"

The Story of Palantir Technologies - (2009-09-04)

An article from the WSJ about a bunch of geeks on the peninsula who've developed software that tracks down terror networks.

Turning Off An HVM - (2009-09-03)

Some slides that discuss how to disable a hypervisor and resume to a conventional OS in 100 instructions.

Diebold Core Dump - (2009-09-03)

Diebold has sold its voting machine division to Election Systems and Software (ES&S) for $5 million.

Cyber-war Fear Mongering (Cui Bono?) - (2009-09-02)

As Schneier observed: "The real risk isn't cyber-war or cyber-terrorism, it's cyber-crime."

The Western Express Cybercrime Group - (2009-09-01)

This article, from Wired, describes a credit card theft ring operating out of eastern Europe.

NSA Patent, #7584480: System Call Monitoring - (2009-09-01)

This looks like a pretty straightforward application of hooking technology.

Crooks Using Real-Time Alerts - (2009-09-01)

An overview of how the Zeus Trojan, malware used in a number of online account hacks, employs IM to facilitate data theft.

August 2009________________________________

Why We Fight - (2009-08-31)

"I get to shoot and blow things up — all the stuff they show you in the commercials."

Albert Gonzalez Takes Plea Bargain - (2009-08-28)

An informant for the US Secret Service does not pass go, does not collect $200.

Low-Tech Firewall Traversal - (2009-08-28)

It's easy, you just mail your 'sploits to them!

Related: the same goes for free laptops.

Related: Is it real, or just a pen-test?

Cracking WPA - (2009-08-27)

Researchers in Japan claim they can subvert WPA in about a minute. The attack targets TKIP (it extends the earlier Beck-Tews packet-forgery attack) and does not recover the key; networks running WPA2 with AES-CCMP are unaffected.

Intel Guide for Law Enforcement - (2009-08-27)

Written by a professor at Michigan State, this report offers a "review of current initiatives, national standards, and best practices."

Protecting Return Addresses - (2009-08-27)

A recent NSA patent that uses shadow stack frames.

DHS Poses IT Attack Scenarios - (2009-08-26)

The report, "IT Sector Baseline Risk Assessment," evaluates high-consequence risks.

Swiss Malware Developer Goes Public - (2009-08-26)

Ruben Unteregger worked for ERA IT as a malware engineer. He built code that was designed to enable the Swiss government to intercept VoIP communication. He has released some of his code here.

Rogue Estonian ISP - (2009-08-26)

Trend Micro publishes a white paper that describes an ISP that served as the operational hub of a cybercrime network for several years.

Israeli Hacker Pleads Guilty - (2009-08-26)

Ehud Tenenbaum pleads guilty for his role in a caper that officials claim scored $10 million.

Cybercrime Pays - (2009-08-25)

Crooks in Eastern Europe are stealing credentials to initiate fraudulent wire transfers.

CIA Inspector General Special Review - (2009-08-24)

A 2004 Report on counterterrorism detention and interrogation activities.

The CIA in the Media - (2009-08-24)

A study that examines how the CIA is portrayed by the media.

Terry Childs Catches a Break - (2009-08-24)

The judge throws out three of the four felony charges against this San Francisco network analyst.

Real-Time Key Logging - (2009-08-24)

Attackers capture one-time codes and use them within their validity window, getting around security architectures that rely on short-lived secrets, like RSA's SecurID tokens.

Xe Services: Formerly Known as Blackwater - (2009-08-21)

The NYTimes reports that Xe has been contracted out for "work" that's previously been performed by the CIA.

Related: The CIA, it would appear, contracts out all sorts of odd jobs. Talk about a "death panel,"...

The CIA's Secret Prisons - (2009-08-20)

ABC News reports that Lithuania hosted a secret prison on behalf of the CIA.

Data Breach: Radisson Hotels and Resorts - (2009-08-20)

This company manages 400 locations in 65 countries.

Proven Kernel Security - (2009-08-19)

NICTA (National ICT Australia) has announced the completion of the world's first formal, machine-checked proof of a general-purpose operating system kernel, the seL4 microkernel.

Data Fabrication: Faking DNA Evidence - (2009-08-19)

Scientists demonstrate that DNA evidence can be fabricated. Anti-forensics rears its head!

Hackers Pilfer 130 Million Card Numbers - (2009-08-18)

Three hackers are indicted in what is being called the largest identity-theft case in U.S. history. Who says cybercrime doesn't pay?

Related: The WSJ has covered this story also.

Related: More details on this case can be found here.

Highly Predictive Blacklisting - (2009-08-18)

The idea behind this technique is to predict which attack sources are likely to hit a given network, by correlating its logs with those of other contributing networks, and to block them in advance.
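As an added illustration (not the authors' code, and a simplification of their method), the block below ranks attack sources for one network by correlating it with other contributors' attack logs: a source reported by networks whose attacker population overlaps yours scores high, while one reported only by unrelated networks scores zero and drops out. The contributor names, the IP addresses and the Jaccard weighting are constructed assumptions.

```python
"""Simplified predictive blacklisting (added illustration, not the
published implementation): rank attacker IPs for one contributor using
every contributor's logs, weighted by how similar their attackers are."""
from collections import defaultdict

# constructed sample: per-contributor sets of attacker IPs seen in their logs
CONTRIBUTOR_LOGS = {
    "netA": {"198.51.100.1", "198.51.100.2", "203.0.113.9"},
    "netB": {"198.51.100.1", "198.51.100.2", "203.0.113.10", "192.0.2.7"},
    "netC": {"203.0.113.9", "203.0.113.10", "203.0.113.11"},
    "netD": {"192.0.2.50", "192.0.2.51"},   # shares nothing with netA
}


def jaccard(a, b):
    """Overlap between two attacker sets, 0.0 (disjoint) to 1.0 (identical)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def predictive_blacklist(target, logs, top_n=10):
    """Return attacker IPs the target has NOT yet seen, best candidates first.

    Each candidate's score is the summed similarity of the contributors
    that reported it. Sources reported by networks that look like the
    target rank highest; sources reported only by unrelated networks get
    a weight of zero and never enter the list."""
    own = logs[target]
    scores = defaultdict(float)
    for other, seen in logs.items():
        if other == target:
            continue
        weight = jaccard(own, seen)
        if weight == 0.0:
            continue
        for ip in seen - own:
            scores[ip] += weight
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [ip for ip, _ in ranked[:top_n]]


if __name__ == "__main__":
    for net in CONTRIBUTOR_LOGS:
        print(net, "->", predictive_blacklist(net, CONTRIBUTOR_LOGS))
```

For netA the list comes out as 203.0.113.10 (reported by both similar networks), then 192.0.2.7, then 203.0.113.11; netD's unrelated attackers never appear, which is the point: a global blacklist would have pushed them too.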

FBI's Regional Computer Forensics Laboratories - (2009-08-18)

The FBI has released its latest RCFL annual report which details what the labs have been up to recently.

The CIA's $5 Million Bar Tab - (2009-08-17)

A five year investigation into the purchase of Russian Mi-17 helicopters (for post 9-11 operations in Afghanistan by the CIA) leads to the conviction of the Army official in charge of the mission.

Russian Gangsters Behind Georgia DDoS Attacks - (2009-08-17)

The U.S. Cyber Consequences Unit (a think tank) claims that organized crime elements are behind the DDoS attacks that plagued Georgian sites in August of 2008.

Related: According to the WSJ, the Russian attackers used stolen US identities to establish command and control sites in addition to collaborating via U.S.-based social-networking sites.

As the above article observes: "cyber-warfare has outpaced military and international agreements, which don't take into account the possibility of American resources and civilian technology being turned into weapons."

EPIC on Flash Cookies - (2009-08-17)

A primer on this lesser-known technique for tracking user data from the Electronic Privacy Information Center.

First Beckstrom, then Hathaway, and Now Kwon - (2009-08-14)

Mischel Kwon, the head of US-CERT, has left to work for RSA.

Cryptome Owner on Wikileaks - (2009-08-14)

John Young, the founder of Cryptome, comments on the nature of Wikileaks: "Wikileaks too much resembles those whom it seeks to expose."

80,000 People Flagged as Fugitives - (2009-08-13)

A software glitch caused 80,000 people to lose Social Security benefits after they were incorrectly classified as "fleeing felons."

China Backs Down On Green Dam - (2009-08-13)

The WSJ reports that China will not require installation of web-filtering software on computers sold in China.

Busted: 20-year-old Australian - (2009-08-13)

This yet-to-be-identified man has been charged with infecting 3,000 machines in an effort to harvest financial credentials.

Selling Interrogation Services to the CIA - (2009-08-12)

A NYTimes article on the rise and fall of Mitchell Jessen and Associates.

Proof That Crypto Works - (2009-08-12)

Two individuals in the UK are convicted for failing to divulge their encryption keys to authorities.

Hacking The Sequoia AVC Advantage - (2009-08-11)

Researchers from Princeton, Michigan, and UCSD demonstrate a real-world attack that can subvert a well-known electronic voting machine. Let the critics once and for all be silenced.

Related: Diebold fixes a security hole in their vote tabulation software.

Why Did Melissa Hathaway Quit? - (2009-08-10)

Everyone knows that "personal reasons" is a code phrase for things that you'd rather not admit in public.

Why All The Secrecy? - (2009-08-07)

"My 24 years as an analyst at the Central Intelligence Agency (1966-90) taught me that national security is only the ostensible reason for using the state secrets privilege in cases before the court. The real reason usually has more to do with national embarrassment and not national security."

Crooks Using The ACH - (2009-08-07)

The Automated Clearing House (ACH) is a network used to digitally route money between organizations and individuals. Attackers have been using it, in conjunction with credential theft, to transfer money to mule accounts.

EFF on the Police and GPS - (2009-08-06)

"There's no statute that controls [GPS monitoring], so if the Fourth Amendment doesn't protect you, you're out of luck."

Details for NSA Building - (2009-08-05)

The new structure slated for Camp Williams in Utah would be 1.5 million square feet (just over half the size of the Mall of America in Minnesota).

Latvian ISP Cut Off - (2009-08-05)

Another "bullet proof" ISP used by criminals has been cut off from the Internet by its upstream provider.

2003 US Cyberwar Attack Derailed - (2009-08-04)

The US planned to cripple Iraq's financial system, but concerns over collateral damage prevented things from going operational.

Low-Tech Spoofing - (2009-08-04)

A man in Chicago is accused of using a stolen radio to impersonate Transit Authority officials.

Windows 7 Activation Hacked - (2009-08-04)

Once again, pirates have cracked Windows. Microsoft has stated that they will blacklist the corresponding OEM master key.

The 1956 Bruce-Lovette Report - (2009-08-03)

An article describing the hunt for an elusive 1956 report on the CIA prepared for President Eisenhower.

Paul Krugman on HFT - (2009-08-03)

While you read this article, keep in mind that High Frequency Traders are given their 30-millisecond preview (order data that they see before everyone else) as a result of a fee that they pay to exchanges like Nasdaq.

Pirating Computrace - (2009-08-03)

Researchers at Black Hat show how to subvert this BIOS-enabled tool.

Related: Computrace vendor, Absolute Software, responds.

ATM Fun and Games in Vegas - (2009-08-03)

One more reason to make a cash withdrawal *before* you leave for Vegas.

BotNet Danger Room - (2009-08-03)

Sandia National Laboratories in Livermore, Calif., is simulating a million Windows nodes by hosting Linux virtual machines on a 4,480-processor supercomputer. Each virtual machine will run an instance of Wine so that licensing fees can be avoided.

July 2009___________________________________

Network Solutions Data Breach - (2009-07-27)

"The code may have captured transaction data on approximately 573,928 cardholders. Exposure varied by merchant, but in all cases took place sometime between March 12, 2009 and June 8, 2009."

High Frequency Trading - (2009-07-24)

"Powerful computers, some housed right next to the machines that drive marketplaces like the New York Stock Exchange, enable high-frequency traders to transmit millions of orders at lightning speed and, their detractors contend, reap billions at everyone else’s expense."

L0pht: Where are They Now? - (2009-07-24)

It would seem that several members of L0pht have reunited and revived their old website.

Aliens and Free Energy - (2009-07-24)

Gary McKinnon explains why he hacked the Pentagon.

Q&A With Dennis Blair - (2009-07-23)

The Director of National Intelligence (DNI) talks about cyber-security and counterintelligence.

Hacking Nuclear C2 - (2009-07-23)

The International Commission on Nuclear Non-proliferation and Disarmament released this report, exploring the possibility of hackers initiating a nuclear conflict.

EFF Files Suit against CIA - (2009-07-22)

This morning the EFF filed suit in San Francisco against the CIA, the DHS, the DoD, the NSA, and others demanding the release of reports detailing potential misconduct.

Related: Wired is also covering this story.

Most Wanted Botnets - (2009-07-22)

A list of some of the most prolific botnets in the US from NetworkWorld.

Ex-Police Officer Has Intel on 40 Million People - (2009-07-22)

Colin Holder, a retired police officer, has collected sensitive information on 40 million individuals. He plans to charge people for access to the data so that they can determine if their security has been breached.

Chrome Browser Security - (2009-07-22)

A high-level overview of security features in the Chrome Browser.

The DEA and the CIA - (2009-07-21)

This article reflects the tension that has traditionally existed between these two agencies. The DEA goes after high-level offenders who often end up being protected by ... you guessed it!

Related: One retired DEA agent can tell you all about this dynamic.

LA Councilman Questions Google Apps - (2009-07-21)

"Drug cartels would pay any sum of money to be aware of our progress on investigations."

Interview with Joanna Rutkowska - (2009-07-20)

Another exclusive from Tom's Hardware. Read about one of the system-level security field's chief innovators.

AT&T Whistleblower Writes a Book - (2009-07-20)

Mark Klein, the only AT&T employee who's spoken about the secret wiretapping rooms, has written a book about his experience. It's interesting to see how various news providers backed away from this story...

NCTC Director Michael Leiter - (2009-07-20)

Article on this Columbia grad via the alumni magazine.

New WLAN Guidelines for Cardholders - (2009-07-17)

The Payment Card Industry Security Standards Council releases WLAN standards aimed at organizations that handle payment-card transactions.

Related: Some background on what led to these new standards.

Why RFID Passports are a Bad Idea - (2009-07-17)

Robin Harris at ZDNet bemoans the state of passport security. "I hope some unlucky Americans aren’t injured or killed before this misguided program gets revoked."

Unclassified Report on Warrantless Wiretapping - (2009-07-16)

A report by the Inspectors General of five intelligence agencies.

Related: Wired has a snapshot of the "secret room" at the Folsom Street AT&T office.

Nmap 5.0 Released - (2009-07-16)

The next iteration of Fyodor's handy network scanner is out.

White Hat Budgeting - (2009-07-15)

Bejtlich on outsourcing security: "You spend too much money and probably won't receive value for it."

Researcher says UK, not North Korea, is to Blame - (2009-07-14)

As noted earlier, attribution is a key issue with regard to cyber attacks.

Wired also has an article on this story.

Related: It would now seem that the attacks originated from Miami. This puts previous calls for massive retaliation by US legislators like Peter Hoekstra in a whole new light, doesn't it? Let's hear it for Hegelian Dialectics!

APT: Advanced Persistent Threats - (2009-07-13)

The chief security officer at Northrop Grumman observes that we really don't know who's attacking us: "Attribution is probably one of the biggest problems for our nation."

The Potential of Rootkit Surveillance - (2009-07-13)

An article from Daily Kos that speculates about banks acting on trading data before the transactions are committed. Credible or otherwise, this story demonstrates why rootkit technology is so powerful.

The Prevailing Wisdom...Is Wrong - (2009-07-13)

According to the 2009 Data Breach Report from Verizon, only 0.05 percent of information stolen was offline data or end-user devices (e.g. backup tapes, laptops, etc.).

The Sound and Fury of Cyberwar - (2009-07-13)

Another great reality check: "The news isn't the attacks, but that some networks had security lousy enough to be vulnerable to them."

Nano-Thermite - (2009-07-10)

Dr. Niels Harrit, a professor of chemistry at the University of Copenhagen, finds an exotic military compound in debris collected in lower Manhattan immediately after 9/11.

The Dangers of Public Wi-Fi Access - (2009-07-10)

This article demonstrates the clear tradeoff between security and convenience.

Bug Takes More than a Year to Fix - (2009-07-10)

Microsoft has declined to say why, but it appears that a security flaw in IE took them over a year to fix.

Chrome OS - (2009-07-09)

Read Google's introduction to its OS (supposedly due out in 2010).

Related: The NYTimes has summarized the relevant issues in a recent article.

Related: Bruce Schneier calls Google's promises of foolproof platform security idiotic. Give 'em hell, Bruce.

Related: Black Hat presenter Robert Hansen coined the term Gmalware.

SPAM Developer Pleads Guilty - (2009-07-08)

A 49 year-old engineer who developed spamming software gets 6 years and a $3,000 fine.

DDoS Hits US and South Korea - (2009-07-08)

A botnet consisting of 50,000-60,000 computers performs a "relatively small-scale" DDoS attack against American agencies.

Related: According to AhnLab, a Korean computer security company, the botnet was facilitated by a variant of the MyDoom virus.

Related: South Korea's intel agency indicates that North Korea may be responsible.

Related: The Creation of a Botnet.

Scenarios for 2035 - (2009-07-07)

A slide deck from NOAA that looks into the dangers of the 'business as usual' mindset.

Predicting SSNs - (2009-07-07)

Researchers from Carnegie Mellon show how easy it is to derive SSNs from publicly available info.

Related: One of the researchers will present their findings at Black Hat USA 2009.

Someone Tries to Steal Goldman's Secret Sauce - (2009-07-06)

A Russian immigrant is held on charges of stealing the source code for Goldman's automated trading systems.

The Great American Bubble Machine - (2009-07-06)

Matt Taibbi, a writer for Rolling Stone, asserts that Goldman Sachs worked to inflate market surges and profit from the resulting busts. As the author states, "organized greed always defeats disorganized democracy."

MI6 Chief Cover Blown - (2009-07-06)

Pictures and personal details posted by Sir John Sawers's wife (Shelley) on Facebook. It will take more than a new cyber command to save the Brits from this sort of poor judgement.

AV Arms Race - (2009-07-06)

An in-depth look at the two market leaders.

NSA to Screen Government Traffic - (2009-07-03)

The Washington Post reports that the NSA plans to screen government traffic on private-sector networks.

Related: Details from the WSJ on Einstein, the system to be used to implement screening. The initial version is just an IDS, later versions will migrate to an IPS approach.

Related: Richard Bejtlich predicts that the .com domains will be next.

The "National Security" Argument - (2009-07-03)

An essay on the 1953 origins of the "National Security" argument used to deny public access to information.

CIA Looking to Hire Bankers - (2009-07-02)

The author of "Crossing the Rubicon" stated that the CIA was Wall Street and vice-versa...

Protective Design for High Risk Buildings - (2009-07-02)

A study that examines "how to prevent and mitigate the effects of a terrorist attack on a building."

NSA Builds a Data Center in Utah - (2009-07-02)

After the lingering demise of Novell, this is just what Utah needs.

Spammers Hit in the Wallet - (2009-07-02)

Canadian spammers are ordered to give up $3.7 million by a US District Court. Who says that cybercrime isn't profitable?

Hey Barnaby, Say It Ain't So! - (2009-07-01)

I was really looking forward to this talk... But now it seems that an ATM vendor has put the kibosh on Barnaby Jack's Black Hat presentation on how to jackpot ATMs.

Related: More recent developments on Barnaby Jack's Black Hat talk.

The European Electronic Crime Task Force - (2009-07-01)

The US Secret Service signs an agreement with Italian authorities to set up an international cyber crime task force.

FBI's Watchlist Nomination Practices - (2009-07-01)

How exactly does someone end up on a terrorist watch list? This document should shed a little light on the process.

Cyber War: Hyperbole versus Reality - (2009-07-01)

"It is alarming that so many people have accepted the White House’s assertions about cyber-security as a key national security problem without demanding further evidence. Have we learned nothing from the WMD debacle?"

How the Big Boys Secure E-mail - (2009-07-01)

A look into the logistics of processing large amounts of e-mail.

June 2009___________________________________

Max Butler Pleads Guilty - (2009-06-30)

The operator of the "Carder's Market" faces up to 60 years after pleading guilty to two counts of wire fraud. He'll be sentenced in October.

China's CERT Treads Water - (2009-06-30)

"China's CERT had only three English speakers who were trying to handle a massive work load: the agency was getting as many as 9,000 abuse complaints per day."

Article on Norm Matloff - (2009-06-30)

This UC Davis Professor understands the true nature of H-1B and offshore outsourcing. It's all about cheap labor and destroying the social contract.

Hardware-Level Rootkits Seen As Threat - (2009-06-29)

"Russia’s proposed treaty would ban a country from secretly embedding malicious codes or circuitry that could be later activated from afar in the event of war."

Censoring Wikipedia - (2009-06-29)

A reporter from the NYTimes is kidnapped by the Taliban. The Times tries to keep news of this from being published online.

New Armor for UK Troops - (2009-06-29)

This article demonstrates that security will often be discarded by users if it's seen as an annoyance.

GAO Report on DHS CyberSecurity - (2009-06-26)

This is an eye-opener. The DHS has been given failing grades since 2005 by the GAO...

Iranians Use TOR - (2009-06-26)

"Forget the driven-by-DC mock-populism and the all-too-clever schemes; this is how America should be promoting democracy abroad. Give activists the tools — and then let them decide how and when to use ‘em."

Deep Packet Inspection in Iran - (2009-06-25)

Big Brother thrives in Iran with a little help from Nokia and Siemens.

Exploit for China's Green Dam - (2009-06-25)

A researcher named Trancer releases a Metasploit module for IE which targets a vulnerability in Green Dam v3.17.

Guaranteed Secure Deletion - (2009-06-25)

Power tools...

The UK Announces its own Cyber-Command - (2009-06-24)

Whitehall follows closely in the steps of the Pentagon. Accusations fly as officials point their fingers at Russia and China.

Related: This new agency will have an offensive role.

Related: This new command will be located at "the doughnut."

NSA Director to lead Cyber-Command - (2009-06-24)

Despite several press releases that seemed to downplay the possibility, Defense Secretary Robert Gates will recommend the current NSA Director, Lt. Gen. Keith B. Alexander, to lead the cyber-command.

Gates Orders Creation of Cyber Command - (2009-06-23)

It's official: a new military command to defend the DoD's 15,000 networks and seven million computers. The command HQ will be located at Fort Meade. Ahem.

Bejtlich on Automated Defenses - (2009-06-23)

"Automated defenses are the easiest for an intruder to penetrate, because the intruder can repeatedly and reliably test attacks until he determines they will be successful and potentially undetectable."

The Worst US Cities for IT Workers - (2009-06-23)

Detroit and Cleveland are at the top of the list.

Cleveland also has the honor as being named, by Forbes, as one of America's fastest-dying cities.

Detroit Spammers Get the Slammer - (2009-06-23)

Given the above article, I can't say that I'm surprised...

The Story of Deep Capture - (2009-06-22)

A journalist casts an eye on the nature of the financial press.

The Midas Touch in Reverse - (2009-06-22)

A blog entry that dwells on Internet-Based Disruptive Business Technologies (IBDTs).

Everyone Smells Money - (2009-06-22)

The defense contractors ready themselves for the money train.

Google Engineers Talk Browser Security - (2009-06-19)

An article from the ACM that describes high-level security features of the Chrome browser.

GhostNet Vanished in a Day - (2009-06-19)

Nart Villeneuve, from the Information Warfare Monitor in Canada, recently spoke in Estonia about the rapid disintegration of GhostNet.

C2: Cooperation and Coordination - (2009-06-19)

Researchers have uncovered botnets that work together to resist eradication.

The Golden Cash Malware Network - (2009-06-18)

Proof that someone's making money off of botnets (despite what the folks at Microsoft Research are saying).

Crime Doesn't Pay (for Stephen Watt) - (2009-06-18)

The life and times of a malware developer who did work for what the feds are calling “the largest identity theft ring in our Nation’s history.”

The Marc Weber Tobias Problem - (2009-06-18)

Meet Marc Tobias, the man who took on Medeco and won.

Related: See a Black Hat presentation on lock picking.

Forensic Analysis on a Thumb Drive - (2009-06-18)

Not much new here: Guidance Software's EnCase can run from a bootable thumb drive.

NSA Monitoring: Tip of the Iceberg - (2009-06-17)

"Intercepts of the private telephone calls and e-mail messages of Americans are broader than previously acknowledged."

How People Fall for Scams - (2009-06-17)

The first few pages of this 260-page report summarize things nicely.

MI5 HQ Revealed - (2009-06-16)

The company that built this structure (the Park 66 Development in Bury) discloses the address in a brochure.

Intel Sharing with Iraq - (2009-06-15)

Documents related to US Intel sharing with Iraq during the Iran-Iraq war.

Inside a Datacenter - (2009-06-15)

The first rule of Fight Club: Don't talk about Fight Club.

Related: a NYTimes article on the nature of datacenters.

Related: A Register piece on a data center in Las Vegas.

Credit Card Providers Audit Themselves - (2009-06-15)

According to this AP report, credit card providers "see fraud as a cost of doing business and say stricter security would throw sand into the gears of the payment system, which is built on speed, convenience and low cost."

Related: Thoughts on regulating privacy by Bruce Schneier.

PBX Phreakers Indicted - (2009-06-15)

Filipino attackers break into a myriad of PBX systems using default passwords.

New Attack in Non-Routable Networks - (2009-06-12)

"Because of caching issues within the browser, and other technologies that may use the IP address as the single factor of security, it becomes possible to create situations where the collisions can be used to an attacker's advantage, and even allow them to compromise internal networks."

The Borderless Border Town - (2009-06-12)

Robert X. Cringely discusses the problems of enforcement and security on the Internet.

Keykeriki - (2009-06-12)

A universal wireless keyboard sniffer.

Instigators of Collective Violence - (2009-06-12)

An academic approach to the "Tyler Durden" effect.

China Mandates Filtering Software - (2009-06-12)

China has decided that all computers sold in the country must ship with the Green Dam-Youth Escort package.

Related: Researchers at the University of Michigan have already found exploitable vulnerabilities in it!

Related: Reports claim that this could lead to a very large botnet.

Declassified Documents - (2009-06-11)

A collection of links to declassified information.

Corporate Big Brother - (2009-06-10)

Sears Holding Corporation settles with the FTC over spyware from ComScore that it advised customers to install via e-mail.

Interhack Study - (2009-06-10)

“We discovered a statistically significant distinction between the types of breaches that occur in several of the industry sectors.” Matthew Curtin, founder of Interhack and co-author of the study said.

History Repeats Itself - (2009-06-10)

Microsoft decides to bundle free AV software with Windows.

Nobody Sells Gold for the Price of Silver - (2009-06-09)

Microsoft Research says cybercrime doesn't pay.

The Rise and Fall of E-Gold - (2009-06-09)

As one reader observed: "An anonymous way to send large amounts of money around the world? Who would’ve thought such a system would attract criminals?"

Jeff Moss in HS Advisory Council - (2009-06-05)

The founder of Black Hat and DEFCON is sworn in to the Homeland Security Advisory Council.

Rogue ISP Shut Down - (2009-06-05)

Pricewert, a San Jose based ISP, is kicked off the net at the request of the FTC.

ATM Rootkits - (2009-06-04)

Compromised ATMs have been discovered in Eastern Europe. Authorities suspect that insiders are involved.

Cyberwar (Yawn) - (2009-06-04)

Espionage and computer intrusions have been going on for years. They just happen to be getting more attention from the media. Why would that be? (Hint: think government budgets and contracts)

Cloud Computing (Yawn) - (2009-06-04)

Just goes to show you how powerful buzz words are. Marketing fluff at its best. Schneier also observes: "Outsourcing is the future of computing."

The "Why Terrorists are Dumb" Theory - (2009-06-03)

An essay on why terror attacks aren't what they're cracked up to be.

NSA or China? - (2009-06-03)

Who's the greater threat to privacy? An ex-Fed points a finger at China, though the article notes that "deploying malware (i.e. GhostNet) is, at best, a low-rent alternative to wiretapping internet backbones, as the NSA is alleged to do."

Telecoms Escape EFF and ACLU Lawsuits - (2009-06-03)

Today a federal judge ruled that telecoms have immunity from liability under the FISA Amendments Act (FISAAA).

Government Releases "Highly Confidential" Data - (2009-06-03)

The aforementioned report provides details on the nation’s civilian nuclear sites and programs.

Forensic Teams in UK Swamped - (2009-06-03)

Proof that anti-forensics is all about buying time. The article states: "Currently, UK police forces have a backlog of hundreds of computers seized during criminal investigations."

The Perfect Cyber Tsar - (2009-06-03)

According to the authors of this article, the ideal candidate would be a hybrid of Bruce Schneier, Richard Bejtlich, and Chris Eagle.

CardSystems Holds Auditor Accountable - (2009-06-02)

CardSystems takes its security auditor to court over a data breach that took place in 2004.

Ex-Spy Makes Peace with MI6 - (2009-06-01)

Former MI6 operative Richard Tomlinson returns home after the agency agrees to apologize and leave him alone.

Contractors Dash for Cyberwar Funding - (2009-06-01)

The money train has arrived: Northrop Grumman, General Dynamics, Lockheed Martin, and Raytheon are lining up to get their fix.

May 2009___________________________________

Obama Announces Cyber Security Office and Tsar - (2009-05-29)

Obama states: "America's economic prosperity in the 21st century will depend on cyber-security."

Related: The official White House press release.

Related: 60-Day cyberspace policy review presented by Melissa Hathaway, Cybersecurity Chief at the National Security Council.

Related: The Pentagon plans its own complement to this civilian effort.

Related: Bruce Schneier's thoughts on the need for a Cyber Tsar.

Related: Richard Bejtlich responds to Obama's speech.

Related: Yet another reality check. "The problem is not that there hasn’t been a discussion with the American public on cybersecurity. There has. And it’s been entirely monochromatic, larded with scenarios, claims and frightful rumors meant to incite action, and allied with experts chosen from companies in the private sector who always stand to gain richly from further spending on cybersecurity."

Related: Yet another cynic's take on all this cyber Tsar business.

Intel Consumer's Guide - (2009-05-29)

A sort of "Intel FAQ."

Identity Thieves Indicted in New York - (2009-05-29)

This theft ring operated by purchasing information from bank insiders.

Turkish Hackers Breach US Army Servers - (2009-05-28)

The hacking clan known as "m0sted" successfully cracked web servers in Oklahoma and Virginia. This report also observes that "The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools."

Dangerous Search Terms - (2009-05-28)

McAfee looks at search engine terms that lead to malicious web sites.

Overworked Investigators Cut Corners - (2009-05-28)

The article states, "agencies must issue at least 90 percent of their initial security clearances within 60 days" and then notes that "87 percent of the 3,500 initial top-secret security clearance cases Defense approved last year were missing at least one interview or important record."

Anyone who works with anti-forensics knows that beating the forensic analyst is a matter of buying enough time. As this article reminds us, most people are operating on a budget...

Bilderbergers Meet This Month - (2009-05-27)

As Noam Chomsky observed in his book Understanding Power: "Obviously rich people get together and talk to each other and play golf with one another, and plan together - that's not a big surprise. But the conspiracy theories people are putting their energies into have virtually nothing to do with the way institutions actually function."

Related: an article on this meeting in the WSJ.

Related: a rare press release where this group describes itself.

The New Service Economy - (2009-05-26)

Learn the difference between CVV2s, dumps, and fulls.

2007-2008 NSTAC Issue Review - (2009-05-26)

A high-level survey of infrastructure threats published by the National Security Telecommunications Advisory Committee.

Government Informant Stirs The Pot - (2009-05-26)

“How do you go to the government about the government?”

CDC Swine Flu Report - (2009-05-26)

A sensitive, but unclassified, director's update brief.

eBook: Secret Power - (2009-05-26)

A look at the SIGINT links between the NSA, Britain, Canada, Australia, and New Zealand.

Secret Service Flunks NSA Security Audit - (2009-05-22)

Director Mark Sullivan states that: "While the NSA findings are classified, I can tell you that the results were chilling."

Uncle Sam Recruits Teen Hackers - (2009-05-22)

This year's DC3 challenge has expanded its venue to include high school and college participants.

Yet Another AV Software Ranking - (2009-05-22)

Chaz Sowers sets up his own independent test lab and has at it.

Bejtlich on Ghetto IT - (2009-05-22)

An essay on how "intrusion debt" can come back to haunt you.

The Nokia Phone Craze - (2009-05-21)

This article explains why some people have been willing to pay big $$$ for certain models of the Nokia 1100 mobile phone.

Botnet Partitioning - (2009-05-21)

Some bot herders will partition their network of compromised machines for operational reasons and to avoid monocultural insecurities.

$50,000 Bounty on Hard Drive - (2009-05-21)

The National Archives is offering a $50,000 reward for the return of an external hard drive containing personal information (i.e. SSNs) of former Clinton administration staff members.

US Marshals Service Hacked - (2009-05-21)

According to reports, they had to shut down their Internet access and disconnect their system from the Department of Justice.

ISC Report on 7/7 - (2009-05-20)

The Intelligence and Security Committee's second report on the 7/7 bombings. This second report was commissioned after it was determined that the bombers were not unknown to the police and MI5. This report exonerates MI5 on the grounds that the organization was stretched too thin to provide the necessary coverage.

The Navy Cyber Defense Operations Command - (2009-05-20)

An article by PC World that looks into our defensive capabilities. The author hints at interesting ideas, but the details are all classified...

Gartner Advises Skipping Vista - (2009-05-20)

Gartner urges enterprises that haven't rolled out Vista to wait for Windows 7.

Gumblar Briefing - (2009-05-19)

Short, but sweet, write-up by CERT on the basic operation of Gumblar malware.

Vishing: Voice + Phishing - (2009-05-19)

It seems like you can't always trust caller ID...

Netbooks Ship with Malware - (2009-05-19)

Once again, demonstrating that sometimes you can't even trust a pristine system out of the box.

Go Ahead, I Dare You... - (2009-05-18)

The Obama administration urges US District Judge Vaughn Walker to order the disclosure of a national security state secret related to warrantless wiretapping.

Too Much Data - (2009-05-15)

The UK police are apparently swamped with CCTV camera footage. Dominic Grieve, of the Conservative party, stated that "In many cases the police don't have the time or resources to look at CCTV (footage)... In fighting crime, mass surveillance through CCTV is highly questionable."

Interview with Melissa Hathaway - (2009-05-15)

Hathaway talks about the creation of the Comprehensive National Cybersecurity Initiative (CNCI).

Security Zones and Shrinking Public Space - (2009-05-15)

This website summarizes a project outlining the impact of anti-terrorism security on urban public space since September 11, 2001.

Warbots - (2009-05-15)

Life imitates art (i.e. think Terminator Salvation).

China's OS: Kylin - (2009-05-14)

China develops its own "secure" OS, which appears to be based on FreeBSD.

Related: commentary by ZDNet's Dancho Danchev.

Will Terrorists Attack the Food Supply? - (2009-05-14)

Bruce Schneier thinks not: "The quantities involved for mass poisonings are too great, the nature of the food supply too vast and the details of any plot too complicated and unpredictable to be a real threat."

How YouTube Scales - (2009-05-14)

An interesting look at how this site supports over 100 million videos per day.

Operation GRAPHIC HAND - (2009-05-13)

A declassified military plan to continue postal service in the event of a strike (simply replace one group of low-paid wage workers with another).

More Infighting and Turf Wars - (2009-05-13)

Bruce Schneier argues against designating someone as a cybersecurity czar.

Pirates and Crooks Team Up - (2009-05-13)

Researchers have identified pirated versions of Windows 7 that include malware which attempts to connect to a botnet command-and-control server.

BioHackers and National Security - (2009-05-12)

A WSJ article that ponders the future shock of homemade bioweapons.

Why Cyber Commands Fail - (2009-05-12)

Richard Bejtlich responds to an article written by Robert Graham.

The Electronic Police State - (2009-05-12)

A commentary and report on the dangers of state surveillance.

Related: a story from Wired about the FBI's 'Going Dark' surveillance program.

Related: a story from the NYTimes that serves as a counter-argument of sorts.

Cyberwar Games at West Point - (2009-05-11)

The DoD graduates 80 students each year from its cyberwar schools.

Wisconsin Police Can Use GPS Tracking - (2009-05-11)

Officers don't need a warrant because, according to Wisconsin courts, GPS tracking does not involve a search or a seizure.

SPAM-Friendly ISPs in China - (2009-05-11)

There are ISPs in China that offer "bullet-proof" hosting, which is to say that you can SPAM all you want and they'll simply ignore complaints.

Classified Programs Budget More Than $50 Billion - (2009-05-08)

"It makes the Pentagon's secret operations, including the intelligence budgets nested inside, 'roughly equal in magnitude to the entire defense budgets of the UK, France or Japan.'"

FAA Air Traffic Control Systems Compromised - (2009-05-08)

A report by the Office of the Inspector General that describes the current state of computer security at the FAA.

Privacy or Security? - (2009-05-08)

This is a loaded question. Why can't we have both?

UC Berkeley DB Breached - (2009-05-08)

According to school officials, "Evidence uncovered to date suggests that this attack was launched by highly skilled criminal operations based overseas."

More Funding is Not The Answer - (2009-05-07)

Sensitive military information is recovered from a drive bought off of eBay. These people don't need more federal money, what they need to do is wipe their drives!

Meet the Feds - (2009-05-07)

An interview with Special Agent J. Keith Mularski of the FBI.

NVLabs Releases VBootkit 2.0 Code - (2009-05-07)

Vbootkit 2.0 currently only works on Windows 7 (x64 edition).

Trust No One - (2009-05-07)

An article on using honeypots to catch internal attackers. The author advises: "Don't even tell the network security people about it." Oh, that's rich.

A Collection of CIA Documents - (2009-05-07)

"Truth" Drugs in Interrogation

The Interrogation of Suspects Under Arrest

Hypnosis in Interrogation

Communist Interrogation Methods

Guess What: We're Vulnerable - (2009-05-06)

Nothing new here. The WSJ reports that officials from all branches of the armed services claim they're being "challenged like never before," once again confirming the suspicion that there is funding at stake.

When Vikings Attack - (2009-05-06)

A Swedish national has been indicted for intrusions into networks run by the likes of Cisco and NASA.

McAfee Threats Report: First Quarter 2009 - (2009-05-05)

According to McAfee, the US hosts the largest percentage of infected machines (18%).

Data Stolen and Held for Ransom - (2009-05-05)

Arrr, data pirates. The Washington Post reports that over 8 million patient records have been encrypted and that the intruder demands $10 million for the password. It looks like the FBI has been brought in...

Privacy in the Cloud - (2009-05-05)

An essay by Bruce Schneier that explains how the police can search your data without a warrant.

Inside the Torpig Botnet - (2009-05-04)

A report by the folks at UCSB that describes how they compromised the Torpig botnet.

Mastering the Internet (MTI) - (2009-05-04)

Details on the UK Government Communications Headquarters' plan to monitor network traffic in Britain.

Unemployment and National Security - (2009-05-04)

An interesting op-ed piece: unemployment in the US has been recast as a form of work to manage the threat of social unrest resulting from mass unemployment.

USPS Investigating Data Breach - (2009-05-01)

Lexis Nexis is notifying customers after up to 300 accounts were compromised to acquire fraudulent credit cards.

Secure XP - (2009-05-01)

Several years after Microsoft releases Vista, Redmond finally offers a secure version of Windows XP (whew, just in time).

April 2009_________________________________

Peer-to-Peer Command and Control - (2009-04-30)

A novel approach to hampering network-based forensics. The story behind this research paper is also interesting.

"Offshore Bullet-Proof Hosting" - (2009-04-30)

Spammers use a server farm hosted in China to maintain anonymity.

Report by National Research Council - (2009-04-29)

Entitled, "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities." You can read this report online.

There's a NYTimes piece that discusses this report here.

For Want of a USB Drive... - (2009-04-29)

An MI6 officer loses a USB drive containing the names of SIS informers.

Download the Spec for PLAID - (2009-04-29)

Centrelink has released its $560,000 smart card identification protocol for free. There's also a reference implementation.

State Sponsored Hacking - (2009-04-28)

A NYTimes article that demonstrates why the spooks build the best rootkits. The mention of chip-based compromise tactics is particularly noteworthy.

Yet Another Adobe Reader Hole - (2009-04-28)

US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk. To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, un-check Enable Acrobat JavaScript.

Microsoft Changes AutoRun in Windows 7 - (2009-04-28)

"AutoPlay will no longer support the AutoRun functionality for non removable optical media."

Social-Engineering Lives On - (2009-04-27)

According to Stan Szwalbenest, the director of remote channel risk at JP Morgan Chase, "Call-center authentication is, to me, the biggest pain point right now."

NSA Chief to Head Pentagon Cyber Command - (2009-04-24)

NSA Director Keith Alexander recently claimed that the NSA has no intention of taking on the job of securing our networks (but he never said that he didn't personally want the job...).

A Sea of Black Hats - (2009-04-24)

China's vast population sports a sizeable contingent of hackers that, according to Popular Science, are loosely affiliated with the government.

Brazilian ISP Attacked - (2009-04-24)

Intruders manipulate the ISP's DNS records to redirect customers to malicious sites.

FBI Agent Recounts Sting Operation - (2009-04-23)

Special Agent J. Keith Mularski of the FBI's Cyber Division admits that the Black Hats still hold the upper hand.

VBootkit 2.0 Unveiled - (2009-04-23)

The Kumar tag-team from NVLabs shows off their bootkit at the Hack In The Box Security Conference (HITB) in Dubai.

Internet Criminal Ecosystem offers 'Services' - (2009-04-23)

Anonymization networks, money laundering, and malware installation.

NYPD Under Siege - (2009-04-23)

The NYPD reports at least 70,000 unauthorized entry attempts per day.

1.9 Million Zombies - (2009-04-22)

A huge botnet based in the Ukraine has been discovered by Finjan, a security 'solution' vendor.

Researchers Slam Bush Memos - (2009-04-22)

University researchers who study sleep deprivation claim that Bush administration lawyers misused their findings.

Adobe Reader: The new Internet Explorer - (2009-04-22)

Mikko Hypponen, chief research officer with antivirus company F-Secure, suggests that people use alternative programs to read PDFs.

WSJ Reports Another Data Breach - (2009-04-21)

This time, it's the Pentagon's Joint Strike Fighter project. As expected, the article states that "many details couldn't be learned." Is someone looking to bolster their share of the budget?

Cloud Computing ...Yawn - (2009-04-21)

Bruce Schneier on cloud computing security: "I'm kind of bored with it... Cloud computing is presented as a new paradigm...but fundamentally I don't see a lot of differences between it and client-server and dumb terminals."

I have to admit, after all of the fluff and hype that's been generated over cloud computing, it's refreshing to hear someone offer a reality check.

NSA Chief Clears the Air - (2009-04-21)

The NSA's director claims that the NSA does "not want to run cybersecurity for the United States government."

The NSA Wants To Guard The Gates - (2009-04-20)

The NSA has been beating its drum to take responsibility for securing the government's networks.

Bruce Schneier thinks that this is a bad idea.

The FBI's Rootkit - (2009-04-17)

An article from Wired about the Computer and Internet Protocol Address Verifier (CIPAV).

Using a FOIA request, Wired has obtained 150 pages of declassified CIPAV documents.

Office of Legal Counsel CIA Torture Memos - (2009-04-17)

On 2009-04-16, the DoJ released four secret memos used by the Bush administration to justify torture.

President Obama's stance on this issue can be read here.

Rootkits for .NET - (2009-04-17)

This page introduces application level rootkit attacks on managed code environments, enabling an attacker to change the language runtime implementation, and to hide malicious code inside its core. The focus here is on the .NET Framework, but the concepts can also be applied to other platforms such as Java's JVM.

The person who developed this tool, Erez Metula, spoke today at Black Hat Europe 2009.

The NSA Crosses the Line - (2009-04-16)

Government officials claim that the NSA suffers from "overcollection problems."

2009 Data Breach Study by Verizon - (2009-04-15)

An interesting report by Verizon that discusses forensics and anti-forensics. White Hats aren't the only ones who use forensic tools to recover valuable data... organized crime has moved into this space.

Wired magazine has a nice article that follows up on this report.

Airgap Wins - (2009-04-15)

A piece on exploiting VMWare from SANS. The author states that: "I always had the viewpoint that software separation is always going to be more risky than an airgap."

WSJ: Rumors and Innuendo? - (2009-04-14)

With regard to the WSJ's article on our power grid, an Errata Security post states that: "There's no coordinated conspiracy here, but there are a lot of government officials who stand to gain by this attempt at drastically increasing government control over the Internet. They will certainly call up reporters they know and attempt to get them to write scare stories precisely like this."

A similar blog entry, When Hype is the Threat, can be read here.

Fiber Networks and Redundancy - (2009-04-13)

An article from CNET that examines how the telecoms try to build in failover when they lay down fiber optic cables. The really juicy targets seem to be undersea cables and central offices.

Hardware Bassomatic - (2009-04-13)

A shredder that chews up hard drives, laptops, and cell phones.

OpenSecrets Gives Away Its Data - (2009-04-13)

The Center for Responsive Politics is allowing users free access to its database of some 200 million data records.

Smarter is Not Always Better - (2009-04-10)

According to Mudge, "Plant control networks (and their programmable logic controllers) should be disconnected from the Internet." Let's hear it for air-gap security!

Lights Out in Silicon Valley - (2009-04-10)

Eight fiber cables were cut in San Jose and San Carlos, demonstrating that a group of ~100 people with shovels could probably do more damage than a nuclear weapon.

Is It Budget Season? - (2009-04-10)

Wired Magazine calls out the WSJ for its article about our power grid being hacked.

US Electrical Grid Rooted - (2009-04-08)

The WSJ reports that someone (probably the Chinese or the Russians) has infiltrated our infrastructure networks and left behind a few calling cards.

Pentagon Spends $100 Million Due to Computer Attacks - (2009-04-08)

In the last six months, the Pentagon burned through over $100 million cleaning up from external attacks and internal accidents.

Microsoft's Security Intelligence Report - (2009-04-08)

Scareware and 3rd-party apps plague the boys from Redmond.

FCS: Your Tax Dollars at Work - (2009-04-07)

An article by Wired that describes the birth and death of Future Combat Systems. As Noah Shachtman reports, "just about every assumption the Army had about its future was wrong."

ISPs Officially Store User Data - (2009-04-07)

ISPs in the EU will have to store user info for 12 months, per a recent Directive.

How They Get You - (2009-04-07)

Terror attacks have got nothing on dirty silverware. Perhaps Howard Hughes wasn't so far off the mark...

An Interview with Dino Dai Zovi - (2009-04-06)

A former member of the Sandia National Laboratories’ Information Design Assurance Red Team (IDART) chats with Tom's Hardware about sandboxing, cloud computing, and the fragile nature of the Internet.

Play-by-play of W32/IRCbot.gen.a - (2009-04-06)

A technically detailed analysis by McAfee of the actions that this worm takes when it installs.

How Did the Cold War End? - (2009-04-06)

Robert Eringer discusses strategies that the West implemented to undermine the USSR.

Google's Server Hardware Revealed - (2009-04-03)

Google both designs and builds its own servers. The company's data centers consist of 1AAA containers loaded with 1,160 servers each.

The NSA is not The Answer - (2009-04-02)

A WSJ article by Bruce Schneier that explains why the NSA shouldn't be charged with securing the nation's digital assets.

Symantec Has a "Security Incident" - (2009-04-01)

The BBC goes undercover to purchase credit-card information from one of Symantec's call centers in India.

March 2009________________________________

Hacker Roots Currency Exchange Service - (2009-03-31)

25-year-old attacker named Van Dinh roots an online currency exchange service based in New York and adds $100,000 to his account.

Intelligence Chiefs Warn of Threat from China - (2009-03-31)

British intelligence expresses concern that telecom equipment installed by Huawei could be used to cripple critical services.

"GhostNet" Discovered By Canadian Researchers - (2009-03-30)

Reports indicate that over 1,200 machines in 103 countries have been compromised, many belonging to government offices and foreign ministries. The system appears to be controlled by machines operating out of China. The Chinese government officially denies involvement.

Though this story was broken by the NY Times, Wired has a solid article.

Crime Does Pay (For Some People) - (2009-03-30)

Owen Thor Walker, a botnet creator who was charged with helping a criminal organization infiltrate over a million machines, has been hired as a security consultant by a telecom company.

The World's "Malware Factory" - (2009-03-30)

Economic troubles cause some Chinese engineers to turn to writing malware.

Exploiting Cisco Routers - (2009-03-30)

According to this news piece, organizations often put off patching their equipment because they view the patch as a greater risk.

Q&A With a Former NSA Cracker - (2009-03-30)

Tom's Hardware interviews Charlie Miller, the winner of this year's Pwn2Own contest.

Hunkering Down in the BIOS - (2009-03-30)

Researchers at the CanSecWest conference demonstrate how to persist in the BIOS.

Microsoft Releases Security Assessment Tool - (2009-03-30)

The open-source tool, known as the "!exploitable Crash Analyzer" has been developed by the MS Security Engineering Center. It can be downloaded here.

Joanna Rutkowska to Publish SMM Attack Details - (2009-03-18)

Tomorrow (2009-03-19) the Invisible Things Lab will publish a paper (+ exploits) on exploiting Intel® CPU cache mechanisms. The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs.

Earlier work on SMM rootkits has been done by Sherri Sparks et al. (there's an article here).

Issue 65 of Phrack has an article on SMM hackery ("System Management Mode Hack: Using SMM for 'Other Purposes'") that can be read here.

Trend Micro 2008 Annual Threat Roundup and 2009 Forecast - (2009-03-18)

In a nutshell: Things are going to get much worse before they get any better. Of course, you have to also consider the source (i.e. a security software vendor that would like your business).

Diebold ATMs Hacked in Russia - (2009-03-18)

Apparently these ATMs use Windows. The crooks physically compromised the ATMs and then installed malware that intercepted sensitive data.

Specific details about the malware can be found here.

Physical Security is Still an Issue - (2009-03-18)

An entertaining story about the zen of dumpster diving (not yet a dead art form among Black Hats).

Faux Antivirus Software is Big Business - (2009-03-17)

Hefty commissions make distributing malware a very profitable venture for 'affiliates' that are willing to embed the software in their sites.

DC's Alpha Geek Held Without Bail - (2009-03-16)

The chief security officer of the District of Columbia has been arrested on bribery charges.

Malware on Demand as a Business Service - (2009-03-13)

The Internet's criminal ecosystem continues to evolve.

Webshells, Churrasco2, and Flimsy AV - (2009-03-13)

Meet the evil twin of "Defense in Depth"; its name is "Cascading Failure."

Declassified Documents on Vietnam - (2009-03-13)

Roughly 1,600 pages of extensive historical documentation. Probably the largest amount of information declassified so far.

BBC Program Buys a Botnet - (2009-03-12)

The folks at Click (a hi-tech TV program) acquired a low-end botnet (~22,000 nodes) and then used it to perform a DDoS attack against a backup site owned by Prevx.

ARP Spoofing Fun and Games - (2009-03-12)

This SANS diary entry by Bojan Zdrnja describes how ARP spoofing works and how it can be used to inject malicious JavaScript into outgoing web content.

Don't Blame the Victim - (2009-03-12)

Another solid article from Bruce Schneier. It's not necessarily a bad idea to assume the user is ignorant...

Russian Youth Group Behind Estonia DDoS - (2009-03-11)

Nashe, a privately funded youth group, admits they're responsible for the May 2007 DDoS that hobbled Estonia's network infrastructure. DEFCON should be interesting this year...

iTunes Gift Card Hacked - (2009-03-11)

Hackers in China have broken Apple's gift certificate algorithm and are selling $200 gift cards for $2.60.

Fingerprinting Paper - (2009-03-10)

Researchers claim they can use an off-the-shelf scanner to ID paper.

IRS Investigative Materials - (2009-03-10)

"This booklet has been prepared by the IRS' Office of Disclosure as a general guide for Inspectors General and other appropriate Federal officials who may need to access Federal tax information for nontax Federal criminal investigations."

Blacklisting in the UK - (2009-03-10)

The Information Commissioner's Office alleges that construction firms have been using data sold to them by The Consulting Association to illegally screen applicants.

Adobe's ADEPT DRM for PDFs Cracked - (2009-03-09)

A researcher named "I Love Cabbages" has published code that decrypts PDF e-books that have been protected by Adobe's ADEPT DRM protection.

Intelligence and Security Committee - (2009-03-09)

This annual report by the ISC reviews the UK's intel apparatus.

Security Hole Discovered in djbdns - (2009-03-06)

Dan Bernstein pays up $1000 to Matthew Dempsky, who found a security hole in Dan's alternative for the BIND nameserver.

USAID.gov Web Site Compromised - (2009-03-06)

This article includes a post-mortem of what happens to web clients that visit this site.

Insider Theft Threatens 80,000 NYPD Cops - (2009-03-05)

The pension fund's director of communication has allegedly stolen backup tapes that store information on 80,000 police officers.

Leaping the Great (Fire)Wall of China - (2009-03-05)

This Harvard report examines ways to bypass traffic filtering. Related information can also be found at OpenNet.

Bot Herder Gets 4 Years - (2009-03-05)

A 27-year-old computer security consultant gets 4 years in a federal prison for creating botnets.

More details on this story are available here.

Malware Targets Trading Firms - (2009-03-04)

Details on the "Tigger.A" trojan, which utilizes both a privilege escalation exploit and rootkit technology to pilfer data.

Surveillance Self-Defense - (2009-03-04)

The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

The Return of L0phtCrack - (2009-03-03)

The people who originally implemented this tool have resumed ownership and will release version 6 on 2009-03-12 at the SOURCE conference in Boston.

Obama Administration Discloses Bush-era Memos - (2009-03-03)

At the behest of the Obama Administration, the Department of Justice today released two previously undisclosed (i.e. secret) Office of Legal Counsel (OLC) memoranda and seven previously undisclosed opinions.

Visa: No Need to Panic over Breach Notice - (2009-03-02)

Seems as though Visa's recent alert was regarding an ongoing investigation of an earlier breach.

Marine One Data Leaked - (2009-03-02)

FYI, Marine One is the President's helicopter. Reports indicate that a defense contractor leaked blueprints and other sensitive data via a machine that was running P2P software.

Intelligence Operations and Metrics in Iraq - (2009-03-02)

Another study by RAND. Could this be the Pentagon Papers II?

February 2009______________________________

FTC Consumer Sentinel Network Report - (2009-02-27)

The FTC reports that there were 314,000 identity theft complaints in 2008. In terms of the number of complaints filed, identity theft topped the list (26% of the total).

The Whole Foods "No Touching" Security Measure - (2009-02-26)

An entertaining commentary by Bruce Schneier that helps to explain why some inmates have languished in Gitmo for so long.

Adobe Drags Its Feet - (2009-02-25)

Symantec issued an alert regarding an unpatched 0-day exploit in Adobe Acrobat on February 12th. Adobe has promised to provide a fix for Acrobat 9 by March 11th. Never mind, they're just customers! US-CERT offers the following solutions.

The Gaussian Copula Function - (2009-02-24)

Another reminder of the limits of mathematically modeling risk on Wall Street. Ultimately, all models are flawed. Caveat emptor.

Russian Consulate Site Defaced By Chinese Hackers - (2009-02-24)

Supposedly this attack was in response to the sinking of a Chinese cargo ship by the Russian navy.

Oak Ridge National Laboratory Implements Cybots - (2009-02-24)

The DoE strives to build an "intelligent, self-healing, intrusion detection and prevention system" which uses software agents that can cooperate.

Chinese Firm Accused of State-Sponsored Hacking - (2009-02-24)

Venus Info Tech, a company based in Beijing, has been accused of helping the Chinese government infiltrate foreign government networks.

Undisclosed Payment Processor Breached - (2009-02-23)

As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor.

European Cops Complain About Skype - (2009-02-23)

The German police simply plant spyware to get at information.

Data Breach at University of Florida - (2009-02-23)

The personal information of 97,200 people was compromised.

SANS Consensus Audit Guidelines - (2009-02-23)

Twenty important controls and metrics for computer security.

The Oracles at the Open Security Foundation - (2009-02-20)

Another solid story from Wired about how the OSF detected the Heartland data breach before it was announced.

SRI Publishes Details on Conficker B++ - (2009-02-20)

A new variant of the dreaded Conficker worm has appeared. SRI International reports that some 10.5 million machines have been infected by Conficker variants.

Air Force Falls Back on Air Gap - (2009-02-19)

The Maxwell Air Force Base in Alabama cuts off internet access.

Subverting SSL - (2009-02-19)

A researcher at Black Hat shows how to use a man-in-the-middle attack to sidestep SSL.

Terror Databases: Unlikely to Succeed, Threat to Freedom - (2009-02-19)

Nigel Inkster, a former Assistant Chief of MI6, puts terrorism in context. "For example, every year in the UK, more people die in road accidents than have been killed by terrorists in all of recorded history."

Wyndham Hotels and Resorts Hacked - (2009-02-19)

Tens of thousands of credit card numbers and CVV codes were stolen. The company's official notice is here.

Government Travel Site Hacked - (2009-02-19)

Visitors to Govtrip.com were redirected to a rogue URL that attempted to install malware.

Work Continues on the Virtual Fence - (2009-02-18)

Additional funding allows Boeing to continue work on a virtual fence along the southwestern border of the US.

San Francisco Admin Speaks Out - (2009-02-18)

Terry Childs claims he did nothing wrong. Bruce Schneier disagrees.

The Former Head of MI5 Speaks Out - (2009-02-18)

Dame Stella Rimington warns that the UK is becoming a police state.

Finding Osama for Engineers - (2009-02-18)

This essay examines scientific tools that could be used to locate bin Laden.

Systemic Risk and Moral Hazard - (2009-02-18)

Once again, FRONTLINE presents a remarkably well-done analysis of the banking crisis. This program is one reason why viewers should support PBS.

Cisco and the Mainframe Market - (2009-02-17)

Cisco takes a few tentative steps towards storming IBM's traditional stronghold.

Unmasking Blocked Calls - (2009-02-17)

TelTech systems offers a way to take the privacy out of Caller ID.

The Internal Threat - (2009-02-16)

WSJ article by Bruce Schneier about dealing with rogue insiders.

Thieves Steal $2.5 Million from Utah Treasury - (2009-02-16)

A forensic accounting firm is brought in to search for clues.

The Race to the Bottom - (2009-02-16)

An eye-opening look at working conditions in China.

Rethinking The Internet - (2009-02-16)

An overview that points out some of the challenges of the current system.

Wired Magazine Debunks Javelin Research Statistics - (2009-02-13)

Looks like this report may not be what it's cracked up to be...

NSA Shows an Interest in Skype - (2009-02-13)

The NSA puts a bounty on Skype, hoping to encourage someone to find a way to reliably eavesdrop on it.

Microsoft Sets a Bounty - (2009-02-13)

Microsoft offers $250,000 for information leading to the arrest of the people who created and launched the Conficker worm.

Cracking Conficker - (2009-02-13)

The White Hats use sinkhole servers to intercept data sent by compromised machines.

Director of National Intelligence, Annual Threat Assessment - (2009-02-12)

According to this report, globalization, the worldwide economic crisis, and competition over scarce resources are all critical factors.

Editorial on H-1B - (2009-02-12)

This is, and always has been, about cheap labor.

Romanian Hackers Claim F-Secure Breach - (2009-02-12)

Kaspersky, BitDefender, and now F-Secure. SQL injection strikes again.

KB&R Fined $402 Million for Bribery - (2009-02-12)

Halliburton rears its ugly head again.

BitDefender Partner Gets Hacked - (2009-02-11)

A partner web site associated with BitDefender is compromised via a SQL injection attack.

Cybercrime is Safer (for Criminals) - (2009-02-11)

A fairly lengthy article on the emergence of the Internet's criminal ecosystem.

Germany Enlists Hackers in Uniform - (2009-02-10)

The German Bundeswehr is training hackers for "strategic reconnaissance."

FBI Investigates Swarm ATM Attack - (2009-02-10)

ATMs in 49 cities worldwide were accessed in a 30-minute period. The attackers made off with $9 million.

2009 Identity Theft Report by Javelin Research - (2009-02-10)

According to Javelin: the most common attack vectors are still low-tech (e.g. stolen wallets). This claim has been questioned (see Wired Magazine post, 2009-02-13).

Conficker Worm Shuts Down French Navy Network - (2009-02-10)

Investigators suspect that an infected USB drive was inserted into a computer on the network. Some low-level British military systems were also affected.

6,780 Congressional Research Service Reports - (2009-02-10)

Wikileaks releases almost a billion dollars worth of quasi-secret CRS reports.

FAA Gets Hacked - (2009-02-10)

The Federal Aviation Administration reports that the names and SSNs of some 45,000 employees/retirees were accessed.

Kaspersky Gets Hacked - (2009-02-10)

An intruder from Romania uses a SQL-injection attack to break into a customer database.

Microsoft Changes UAC in Windows 7 - (2009-02-06)

In response to a number of blog posts that pointed out weaknesses in UAC, Microsoft has announced that they're strengthening the feature to make it more resistant to attacks.

DNS Amplification Attack - (2009-02-05)

This tactic has been employed in recent DDoS attacks.

Web Censorship in China - (2009-02-05)

The Chinese government feels threatened by "public activism that would be speedily suppressed, or widely ignored, if it occurred offline."

Penetration Test Post Game Wrapup - (2009-02-04)

A security consultant explains how he broke into a client site.

SRA International Data Breach - (2009-02-04)

SRA sells cybersecurity and privacy services to the federal government. Go figure.

Social Engineering Attack Uses Parking Tickets - (2009-02-04)

Fake parking tickets lead victims to a malicious web site.

GAO Audits the Treasury Dept. - (2009-02-04)

The US Treasury Dept. receives poor marks for sloppy IT security.

Coming Soon: 20 Petaflop Computer - (2009-02-03)

IBM plans to build a machine with 1.6 million processors for the DoE.

Morningstar Accused of Internet Espionage - (2009-02-02)

NewRiver Inc. alleges that Morningstar employed internet-based espionage to gain access to its computers.

Testing War Plans in Virtual Reality - (2009-02-02)

NATO is looking for a Sim version of Afghanistan to test out different war plans. But war veterans think that someone is smoking something.

Drive-By RFID Cloning - (2009-02-02)

Chris Paget builds a device that can sniff RFIDs from passports and driver's licenses. This is no longer a "theoretical" attack.

DoJ Runs E-mail Fire Drill - (2009-02-02)

DoJ sends out fake e-mails to test the security awareness of federal workers.

IBM X-Force Threat Report - (2009-02-02)

IBM declares that 2008 was the year of the SQL injection attack.

Blind Phreaker Pleads Guilty - (2009-02-02)

Matt Weigman has his work cut out for him.

Microsoft Sues a Former Employee for Stealing Secrets - (2009-02-02)

Microsoft claims that a program manager in the Windows Security Group downloaded confidential files onto a company-issued laptop.

Disabling UAC in Windows 7 beta - (2009-02-02)

Source code is available here.

The Debate over Cellphone Jamming - (2009-02-02)

Currently, only the Feds can use this equipment. Does using this technology cut both ways? Bruce Schneier says so.

FBI Gang Threat Assessment - (2009-02-02)

The FBI reports that there are 20,000 gangs active in the US.

"Swatting" - (2009-02-02)

Crank callers exploit an authentication hole in 911 to send SWAT teams to random addresses.

January 2009______________________________

P2P Leaks Healthcare Data - (2009-01-30)

A professor at Dartmouth's Tuck School of Business exposes how easy it is to pilfer sensitive data with P2P software.

Related: the official research was published here.

Interview with an Adware Developer - (2009-01-30)

This discussion does wade into technical details.

Spy Employs His Son as a Bag Man - (2009-01-30)

The son of a former CIA agent travels abroad, collecting money on behalf of his imprisoned father.

Over 90% of Corporate E-mail is Spam - (2009-01-29)

In a press release, Panda Security reports that only 8.4% of corporate e-mail is legitimate.

Dense Inert Metal Explosive (DIME) Munitions - (2009-01-29)

These weapons use tungsten powder that acts as "micro-shrapnel" over a confined area.

IT Contractor Plants Malware Bomb - (2009-01-29)

A recently displaced contractor, hired as a Unix admin by Fannie Mae, was indicted on charges of installing malware that would have executed on January 31, 2009. This is an interesting read.

Related: former programmer pleads not guilty.

McAfee Claims Data Breaches Costs $1 Trillion Globally - (2009-01-29)

Using a survey that included 800 CIOs worldwide, McAfee projects that yearly data breaches cost businesses as much as $1 trillion. Almost half of the respondents indicated that displaced workers were the biggest threat.

Insurgency and Counterinsurgency Documents - (2009-01-28)

Military documents, compliments of WikiLeaks. Caveat emptor.

Monster.com Suffers Massive Data Breach - (2009-01-28)

Monster.com decides not to notify users via e-mail. One more reason not to store your resume online. BTW, this is not the first time this has happened to Monster.com.

Hardware-Level Drive Encryption - (2009-01-28)

Drive vendors have published specs for full-disk encryption.

Kyrgyzstan Gets Kicked off the Grid - (2009-01-28)

A Russian cyber-militia performs a massive DoS attack against the two largest ISPs in Kyrgyzstan (80% of the country's bandwidth).

Drive-By Downloads Evolve - (2009-01-27)

Tracking malicious sites using a list may no longer be sufficient.

MessageLabs Intel Report - (2009-01-27)

Spambots account for approximately 75% of all e-mail.

Hackers abuse my.barackobama.com - (2009-01-27)

The shortcomings of the President's Web 2.0 campaign are becoming evident.

Fast-Flux Hacker Gong Fu - (2009-01-27)

ICANN looks at countermeasures to deal with this evasion technique.

Bot Herder Worked as Security Consultant - (2009-01-26)

John Kenneth Schiefer, of Los Angeles, maintained a botnet consisting of over 250,000 machines.

Bots Doing Shots - (2009-01-26)

SecureWorks.com reports that the Ozdok botnet is collecting screen shot data from infected users.

Failed plot to steal £229 million - (2009-01-26)

Belgian hackers fail in their bid to rob the Sumitomo Mitsui Banking Corporation.

70 Percent of the Top 100 Web Sites Compromised - (2009-01-24)

A report issued by Websense.com indicates that it's no longer enough to simply stick to "safe" web sites.

Microsoft's Documentation is Deteriorating - (2009-01-24)

Microsoft has 800 employees working on a documentation base of 20,000 pages. The number of bugs just keeps getting larger.

More Details on the Max Butler Case - (2009-01-22)

An FBI agent recounts his three years underground.

Le Cercle - (2009-01-22)

Yet another sinister foreign policy think-tank.

Linking the Intelligence Agencies - (2009-01-22)

The Director of National Intelligence, Mike McConnell, is working to link thousands of intelligence databases that span 16 agencies.

John Thain Resigns - (2009-01-22)

Pin stripes trump hacking skills when it comes to the really big scores.

Congress gets Hacked - (2009-01-21)

Malware makes its way into a number of machines in the legislative branch.

Paint can block high-frequency Wi-Fi - (2009-01-21)

A research team at the University of Tokyo in Japan experiments with paint that can absorb EM waves of up to 182GHz.

Go Ahead and Write it Down - (2009-01-21)

The chief research officer at AVG thinks that writing down your password probably isn't such a bad idea.

More on the Heartland Breach - (2009-01-21)

The Heartland system manages 100 million transactions a month. The total amount of information compromised is unknown.

Heartland Payment Systems Breached - (2009-01-20)

The payments processor, which services 250,000 locations, has uncovered signs of an intrusion and notified the feds.

OSF Data Loss Statistics - (2009-01-19)

According to the OSF data set, stolen laptops are the biggest threat.

Conficker worm uses Metasploit - (2009-01-19)

The song remains the same: PATCH YOUR SYSTEMS!

Botnet Battles Rage On - (2009-01-17)

Internet hosting companies are cut off from the grid by upstream ISPs in the wake of accusations that they're facilitating cyber-crime.

Bailed-Out Banks Use Tax Havens - (2009-01-17)

They don't want to pay taxes, and yet they turn around and expect the tax-payer (that would be me and you) to lend a helping hand.

Wiping a Disk in one Pass - (2009-01-16)

Craig Wright examines why a single overwrite is enough to wipe a disk clean.

In-Session Phishing Attacks - (2009-01-16)

Attackers have begun to inject malicious JavaScript into legitimate web sites in an effort to get users to reveal their credentials. "We're sorry, your session has timed out..."

An Argument Against the SANS Top 25 List - (2009-01-16)

Gary McGraw explains why the SANS Top 25 list isn't the optimal way to address the problem of creating secure code.

Ministry of Defense in UK Suffers Widespread Shutdowns - (2009-01-16)

In a virus outbreak of unprecedented scale, the UK's Ministry of Defense experiences mass system outages (though officials claim that no classified data was compromised).

BGPSEC is Coming! - (2009-01-16)

The Feds plan to augment the BGP protocol to make attacks against the core routing infrastructure more difficult.

The National Cyber Range - (2009-01-15)

DARPA accepts proposals for research that will investigate "innovative approaches that enable revolutionary advances in science, devices, or systems."

Biometric Passports in the EU - (2009-01-15)

The European Parliament decides to implement biometric passports that will become standard issue as of June 29th.

KMD Password Sniffer - (2009-01-15)

The "Mount IOCTL" attack works by patching DeviceIoControl() to intercept the keys used by on-the-fly encryption programs.

Spy Cameras in San Francisco - (2009-01-14)

A report sponsored by the SF Board of Supervisors finds that CCTV cameras don't deter violent crimes. But they do impact property crimes.

Related: See the official report here.

Top 25 Most Dangerous Programming Errors - (2009-01-12)

A whole bunch of people and organizations joined forces recently to compile a list of common programming errors that can lead to security problems.

Related: Top 20 most common attack vectors here.

Cracking NASA to look for aliens - (2009-01-12)

UK man admits cracking 97 NASA machines in search of UFO evidence (supposedly causing $1 billion in damage).

Teaching Intelligence Analysts in the UK - (2009-01-10)

A look at intel analysis from 10,000 feet.

Auditing the IRS - (2009-01-09)

The U.S. Government Accountability Office reports that the IRS has corrected 49 of the 115 computer security problems found in a November audit.

Related: Read the full 30-page report here.

Ukrainian hacker gets 30 years - (2009-01-08)

A Ukrainian cracker linked to the TJX hack was given a 30 year prison sentence in Turkey on unrelated charges.

Cybergeddon! - (2009-01-07)

The assistant director of the cyber division at the FBI speaks at the International Conference on Cyber Security in New York City. He claims that computer attacks rank right up there with WMDs.

The Snohomish Smokescreen, and other capers - (2009-01-07)

Wired lists the seven most entertaining robberies of 2008.

CheckFree hacked by Ukrainians - (2009-01-07)

CheckFree, a business unit of Fiserv, Inc., recently experienced an "incident." This is a nice way of saying they were rooted. They estimate that 160,000 users may have been affected.

Summary of Data Breaches in 2008 - (2009-01-07)

List of some 656 data breaches, exposing some 35 million user records, compiled by ITRC.

Joanna does it again - (2009-01-06)

Joanna Rutkowska, the Nadia Comaneci of stealth malware, has found a way to hack software that's loaded using Intel's Trusted Execution Technology (part of Intel's vPro processor platform).

Micro$oft too poor to train and test? - (2009-01-06)

Microsoft somehow fails to acquire the tools necessary to prevent a bug from sneaking into IE. The company also admits that it failed to train its developers. Where's all that money going?

The Case for DNSSEC - (2009-01-06)

Work is currently being done to address the shortcomings of the elderly DNS protocol.

E*trade fined $1 million - (2009-01-02)

The Financial Industry Regulatory Authority penalizes E*trade for failing to keep an eye out for money laundering.

Once-secret "atomic patents" - (2009-01-02)

A handful of the "atomic patents" generated by the wartime patenting program, all of which were initially filed in secret under a World War I-era statute.

Related: from the Bulletin of the Atomic Scientists, "Inside the Atomic Patent Office."

USCC Funding Study of China's Cyberwarriors - (2009-01-02)

The U.S.-China Economic and Security Review Commission (USCC) is looking for a contractor to study the ability of China to conduct network attacks.

Related: Visit the USCC website here.

December 2008____________________________

Israeli Spy Busted - (2008-12-30)

Former Army Employee Pleads Guilty to Acting as Israeli Agent.

Attack of the Playstations - (2008-12-30)

Researchers use a cluster of 200 Playstations to impersonate PKI-based identities.

Digital Photo Frame ships with malware - (2008-12-29)

Samsung frame manager software ships with a free copy of the W32.Sality.AE worm! It's not a bug, it's a feature.

Rogue Admin in San Francisco - (2008-12-29)

Terry Childs claims he was protecting his network from incompetent coworkers.

Shoplifting rings get smart - (2008-12-29)

Fake receipts and bar code stickers are all the rage.

Atom Bomb Reversed - (2008-12-29)

John Coster-Mullen creates a complete replica of the first atom bomb (minus the uranium).

Hacker caught with a million credit card numbers - (2008-12-22)

Max Butler, a certifiable black hat from the Bay Area, makes an inevitable trip to club fed.

Google Bets on Cloud Computing - (2008-12-21)

Will we revert back to centralized computing?

$1.6B went to bailed-out bank execs - (2008-12-21)

Your tax dollars hard at work.

Related: Where exactly did the money go? Shhhh! It's a secret.

CSIS Chairman Q & A - (2008-12-19)

Cybersecurity honcho Jim Langevin responds to reader questions.

Top 10 Security Patterns - (2008-12-15)

Researchers share ten recurring themes with regard to securing code.

CIA Intel: Quantity over Quality - (2008-12-13)

The former head of the Asia division of the CIA's clandestine service examines current issues. Bah, who needs internet access anyway?

Big Brother Hasn’t Won - (2008-12-13)

Op-ed about how the NSA has turned its attention towards US citizens.

Related: For in-depth coverage see The Shadow Factory By James Bamford.

Related: Read about Thomas Tamm, the man who blew the whistle on the NSA's "program."

Cyber Crooks Loot Citibank Accounts - (2008-12-12)

Transaction processing server is hacked. Russian mobster farms out the stolen data.

The Speed Camera Pimping Game - (2008-12-11)

Teens spoof license plates to send tickets to other people.

Fighting cybercrime in an economic downturn - (2008-12-11)

"Work at home" internet jobs used to launder money.

McAfee Virtual Criminology Report - (2008-12-09)

Read how the crooks are taking the high ground.

Commission on Cyber Security Report - (2008-12-08)

Center for Strategic and International Studies pushes for a National Office of Cyberspace.

FBI taps cell phone mic - (2008-12-01)

The Feds activate a cell phone's microphone remotely and then use it to listen in.

November 2008____________________________

Symantec Report on the Underground Economy - (2008-11-24)

Criminals are beginning to opt for precision strikes with regard to high-value targets.

Obama's Cellphone Account Breached - (2008-11-21)

Verizon Wireless disclosed that several of its employees accessed and viewed President-elect Barack Obama's personal cellphone account.

Pentagon Bans Computer Flash Drives - (2008-11-21)

Virus Threat Prompts Defense Officials To Ban Use Of External Drives, No Word On How Long.

Related: Company sells camouflaged USB drive.

National Security Archive - (2008-11-14)

NSA releases history of Cold War intel activities.
Book I: The Struggle for Centralization, 1945-1960 (part-1)
Book I: The Struggle for Centralization, 1945-1960 (part-2)
Book II: Centralization Wins, 1960-1972 (part-1)
Book II: Centralization Wins, 1960-1972 (part-2)
Book III: Retrenchment and Reform, 1972-1980 (part-1)
Book III: Retrenchment and Reform, 1972-1980 (part-2)
NSA Origins