Phishing attacks...

Interesting article:  Going Undercover in the Slimy World of Phishing in eWeek, that describes the criminal business of phishing.

Don't doubt that cyber crime is big business.



Hacking toolkits...IcePack

Interesting podcast on eWeek.com about IcePack, a hacking toolkit and the spread of hacking tool kits in general.

Some points that stuck out to me include:
* the value associated with malware...meaning the money that people will spend to buy malware
* the interplay between hackers in the community, who buy a toolkit and then modify it to spy on the hackers that they sell or give it to
* the growth in the malware industry in general



Infected even before you connect to the Internet???

Story in the Register about hard disks from Maxtor (recently acquired by Seagate) that come pre-formatted AND pre-infected.

Rumors on the street are that the virus that infects the hard disks from Maxtor steal gaming passwords and delete mp3's.




Wireless War "Walking" and WiGLE

Tim Wilson of Dark Reading shares his experiences during a walk around the White house scanning for open wireless networks.

Several points are pertinent for the astute reader:
* There are a ton of unsecured or poorly secured wireless networks in the world.  OK...so that is not a newsflash.
* The author refers to WiGLE, the wireless geographic logging engine.

Read the article and take a look at WiGLE.



From Bastille Linux to Bastille Unix

In case you hadn't heard, there was a change in name from Bastille Linux to Bastille Unix.

Apparently a domain-name squatter acquired the rights to the domain name that Bastille Linux was using.

He tried to get the original owners of the name to fork over big bucks to get the name back, but they are gonna rely upon the arbitration process to get the name back.

In the meantime, they are gonna take advantage of this opportunity to create a new web-site that reflects the changed nature of their product...

For a period of time, Bastille Linux has been ported to operating systems besides just Linux, so the name really didn't fit any more. They have changed the name to Bastille Unix.

If you have never heard of Bastille Linux, it is a script that walks through the security features of your operating system and either adjusts them for you or teaches you how and why to adjust them. Very good learning tool.


Honeypots...and the results...

For those who don't know, honeypots and honeynets are computers or networks set up to trap, monitor, or deflect malicious activity.  A researcher might set up a computer and leave some common vulnerabilities open on it and wait to see who comes knocking.  Once the bad guys finds that the computer is "open" they try different techniques to probe the box and take control of it.   The whole time, the system will track the behavior of the attacker to determine what they do and how...this can lead to some interesting developments learning what the bad guys are up to.

It was apparently a slow news day, but the following web-site:  SANS Internet Storm Center Diary put up a list of all the malicious code that they noted using one of their honeypots.

Neat stuff.



Comments on Slashdot - Re Ameritrade Fiasco...

I recently responded to a comment made on Slashdot about one of their articles. The article covered an audit made of Ameritrade's system and the fact that it had a 'back-door' in it. One of the readers made a comment that seems reasonable at first, but belies the difficulty of security a computer or a network.

Below is the text of my reply and here is a link to the original comment by mkraft and a link to the original Slashdot article.

mkraft: In reference to your statement "How does unauthorized code even get into a financial institution's systems? The banking systems should never be accessible via public networks, only private ones, so this should never have happened."

It, unfortunately, is not that easy. As soon as one computer is connected to another computer (via wireless, wired networks or 'sneaker-net'), problems with security start to cascade. If a computer has a USB port, a CD drive, DVD drive, or a network connection, it is nearly impossible to lock down - malware will find it's way onto the machine.

The U.S. and foreign governments spend a fortune trying to lock down some of their most sophisticated computers and networks and still they leak like a sieve.

Although we may wish that it were otherwise, we can hardly expect for a company whose bottom line is the profit margin, to spend all that it takes to secure even one computer...

Consider the magnitude of the problem:
- Keep the network holes plugged as much as possible
- Keep the operating system patched
- Keep all of the applications (including the off-the-shelf and home-grown applications) patched - Keep all security software patched and updated
- Most importantly, keep all employees from doing anything remotely silly or risky

Many of the items above, are nearly impossible to do well - for example...if a typical patch for a piece of software arrives ~5 days after the vulnerability is announced, what is the financial institution supposed to do for those 5 days? NOTE: the 5 days is a fictitious number - no one achieves that high a speed in issuing and applying patches...but it illustrates the point...

There is no way for an underpaid, overworked security staff to plug EVERY hole - especially in the world of zero day exploits. The hackers, on the other hand, have automated tools that can plug at the problem 24/7 until they find even one, overlooked hole...


Skoudis: finding malware on a Windows box...

Great article by Ed Skoudis on finding malware on a Windows computer.  This article covers a number of things that are fun for beginners in the field of information security:  how to use the command line in Windows and what to look for when investigating a Windows machine for infection or malware.


China gets hacked too!

Interesting article:  China claims hackers stole its secrets too about claims by the Chinese that they are experiencing hacking attacks. Some of the neater quotes include:

"Vice Minister of Information Industry Lou Qinjian claimed that the United States and other 'hostile' governments were attacking China's infrastructure..."

"In recent years, Party, government and military organs and national defense scientific reserach units have had many major cases of loss, theft and leakage of secrets, and the damage to national interests has been massive and shocking."
Nice to know that what goes around comes around...



Information Sharing

"FBI CIO: Culture inhibits info sharing" article in Federal Computer Week, by Wade-Hahn Chan about the FBI's reticence regarding sharing information. Chan quotes the FBI CIO regarding "...the intelligence community isn't used to the concept of sharing information and therefore worries about security leaks."

Sharing of information is a very tricky subject...and is tied to a number of interesting issues (these are only a few):

what are the technical requirements for an information sharing solution?
--> keeping bad guys out
--> keeping viruses and malware off the network
--> preventing inadvertant loss of classified data, either due to insiders or due to data leaks
who will be sharing the information?
--> how trustworthy is the network of the partner you are sharing your classified info with?
--> if you share info, what needs to be filtered out, so that they get "actionable" data but not the "crown jewels"
what types of information is being shared?
--> Does the receiving organization, country, company need to have this information or just parts of the information?
--> Can the information being shared lead to a "mosaic effect", where seeming trivial bits of information shared today, can be linked to other trivial bits of information shared yesterday or tomorrow, to allow the partner to infer too much?

Sharing information is not as easy as it might sound.



More Nmap...

This article also walks you through the process of running Nmap. Give it a try.