Sep 14
Security

I like it when people agree with me, especially when it is Prof. Eugene Spafford.

Continue reading "Last Word on China's Hack Attack"

Posted by Dominic White

Last modified on 2007-09-14 18:46
Sep 11
Security

Matasano has a great write-up on storing/cracking passwords and how salts defeat rainbow tables. Keep a copy to hand out to anyone who asks about salts or when you have to explain to developers how to implement secure password storage.

Posted by Dominic White

Sep 11
Security

After the scary legal threats, Paterva has re-released Evolution as Maltego, and Roelof has given some background as to what happened. The essential change is that Maltego now uses Yahoo, as they provide more reasonable automation uses, and has removed several of the social networking transforms until something behind the scenes is sorted out. I did a quick search on 'Person=Dominic White' and was a bit disappointed with the results. We'll just have to wait till things are resolved, but at least we have some functionality restored.

Continue reading "Paterva re-releases Evolution as Maltego"

Posted by Dominic White

Sep 10
Security

There is a great recording of a talk by Prof. Ross Anderson entitled Searching for Evil. It is well worth the hour it takes to watch it. I particularly liked the models of successful attack and defense, where he (and his researchers) were able to prove that 'clique' or 'terrorist cell' type defenses usually beat out 'ring' or 'replace the fallen' models. The debunking of many of the phishing take-down claims was also nice to see in public. I am getting particularly concerned about malware being spread through spam and FastFlux websites, and it seems the problem is getting worse.

Posted by Dominic White

Sep 10
Security

Thanks to Richard for pointing out China's response:

China vehemently denied that its army was involved in international computer espionage on Thursday after newspaper reports that the British government had sustained cyber attacks from the Chinese.

"Saying that the Chinese military has made cyber attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives," foreign ministry spokeswoman Jiang Yu said.

(emphasis my own)

At this point, there isn't sufficient evidence (in the press) that this isn't true.

Posted by Dominic White

Sep 10
Security

France is reporting they were next in the Chinese hack attack saga. What struck me about this report was the following line (from the translation at Demon.be):

Chinese origin, not necessarily indicating involvement of the Chinese military. - Francis Delon, Secrétariat général de la défense nationale (SGDN)

Finally, some common sense. However, this common sense hasn't been picked up, and the general claim still seems to be that China "as a country" is hacking the world.

What I find particularly bizarre is that most of the stories seem to indicate the use of a trojan e-mailed to the victims. Currently, a rather popular attack. For example, a run of the Storm worm last week had us running for cover at some clients, as McAfee's signatures couldn't keep up with the 30 minute repacking strategy in use. However, if we were to analyse the source IPs of both the original e-mails and the websites hosting the binary, I am fairly certain the conclusion would not be that the countries hosting these IPs were engaged in a cyber war against, for example, South Africa. However, this seems to be what the current assumptions are when it comes to these Chinese trojans. The only difference is that this appears to be a more targeted attack, but fewer data points shouldn't allow for greater assumptions.

For example, the machine/s mailing out this naughty trojaned Word document could very easily be compromised machines. Even if a counter hack was performed and the source of the compromise was followed to China, once again, you're left with a big country and a lot of potential criminals beyond the government.

Finally, there seems to be a definite shift between this current round of reports and the stuff Shawn Carpenter talked about in his Time interview. He seemed to talk about active hacking, people sitting behind keyboards slowly penetrating Lockheed Martin networks and the like. This round is generally reported as 'simple' trojan activity. Either there's been a shift in tactics, or I am making assumptions on too little information.

Posted by Dominic White

Sep 4
Security

Reports of Chinese hacker activity are surfacing again. First against Germany, then unclassified Pentagon networks, the EU parliament (in 2005) and now the UK. These reports seem to constantly rear their heads. But, as I pointed out in 2005, the limited descriptions of the attacks that filter into the press have the same MO as the Chinese Triads (that info is from 1997). Given the big move of criminal organisations onto the Internet, why is the first assumption the Chinese Government?

Continue reading "The Titans still Reign"

Posted by Dominic White

Last modified on 2007-09-05 20:43