- (Original): http://homelandsecuritynewswire.com/single.php?id=8200
- (Archived): http://www.westerfunk.net/ … common%20language/
“The former cybersecurity director at DHS had some sobering words last week about the battle for cybersecurity. ‘We lost,’ the former director, now chief executive officer of NetWitness Corp., said at the Symantec Government Symposium in Washington. ‘We lost the cyber war over the last 15 years. Our computing environment is already compromised,’ and things are likely to get worse going forward because we do not really understand security. ‘We lack any meaningful metrics or measures to say how secure a system is.’ It no longer is true that the best minds are on the side of the hackers. The dark side of cyberspace has been co-opted by organized crime, entrepreneurs of questionable integrity and, possibly, terrorists. Much of the process of illegal hacking has been mechanized to the point that it involves automation, not innovation. Part of the problem was identified by the U.S. Computer Emergency Readiness Team director. ‘We lack a common language for discussing many of the elements of security. We need to reinvent not only how we do incident response, but how we talk about events,’ the director said at the symposium.”
If you want to see a picture of the future of Europe, then read this and watch the video. It is disturbing to say the least and has some cursing and violence in it so proceed with caution … just warning you in advance.
I post this because the video is such a very clear portrayal, from Muslims themselves who shot it during some recent riots in London, of the threat we face in the short and long term, and the impotence of the West to deal with the threat brewing from within its own borders. It apparently does not take much for a Muslim to go from moderate to radical. This video makes that abundantly clear.
“A great civilization is not conquered from without until it has destroyed itself within. The essential causes of Rome’s decline lay in her people, her morals, her class struggle, her failing trade, her bureaucratic despotism, her stifling taxes, her consuming wars.” – Will Durant on the history of Rome
May we learn from history. Rome was great … and it fell.
(Archived): http://www.westerfunk.net/archives/secu … ervations/
Most of you will more than likely have no clue about this major flaw unless you read any of the tech headlines. Even then, there really should be no reason why you would know about it, or why it is important to you. But the consequences of this giant hole, if the internet servers are not patched, could potentially be devastating. And I would like to try and explain, to the average user, why this is not a small problem by any stretch of the imagination. I emphasize the word “try” because I’m attempting to break the language down and make it easier to understand.
The flaw has to do with the internet servers you may have heard of called DNS servers. DNS stands for Domain Name Server. DNS servers function as a hostname to IP address resolver (e.g. www.google.com translating to 18.104.22.168, for argument’s sake). So instead of looking up Google’s home page using an IP address (22.214.171.124), you enter in a name you can remember and it points to that particular IP address for you (www.google.com). That is a very simple description, but it will suffice to explain the issue at hand.
In comes the flaw: a hole exists within the widely used open source (i.e. free) DNS server software called BIND that allows an attacker to poison its DNS cache to change the hostname from its original IP to a different one. You say to me now, “what the … what are you saying?”
Let me try to explain. Whenever you look up www.google.com using your Internet Service Provider’s (ISP’s) DNS servers, that lookup request stays within the DNS server for a specified amount of time so it doesn’t have to keep looking up the IP address over and over again. The lookup request gets “cached” (or saved temporarily) in the server’s memory. Basically, it makes the lookup process much faster for you.
With that said, here’s the vulnerability: because of the hole that must be patched, hackers can currently insert or change www.google.com to point somewhere it was never intended to point. That’s a big problem.
And it only gets worse. A majority of us use the DNS servers provided by our ISPs (e.g. AT&T, Charter, Verizon, etc.) who themselves use BIND (remember … the DNS server software?) to serve up DNS requests to users. Most of these ISPs – yes, most – have YET to patch their servers and they remain highly exposed and vulnerable to, well, a massive attack by hackers.
Now here is how the attack would look from the average user’s point of view on, say, a banking site: you look up www.wellsfargo.com, get a page that looks like Wells Fargo’s, using their hostname even (ya know, www.wellsfargo.com). Yet you are pointed to (as an example) a foreign IP address in, oh, say, Latvia. The fake Wells Fargo site employs the standard phishing tactic of asking you for your personal information to “verify” your identity. You input your information thinking it is your bank’s website. Yet all you are doing is giving your personal information to some hacker in Latvia who can then drain your account and ultimately steal your identity.
In all reality, this is a cyber national security threat, as our core DNS infrastructure remains highly exposed and ultimately could, in a worst-case scenario, hit the economy because of rampant fraud. Don’t think this could happen? Well, it’s likely ISPs see how big the threat is now and are working vigorously to get their servers patched.
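To make the caching behavior described above concrete, here is an added example (not from the original post and not BIND's code): a toy caching resolver and a defender-side audit that compares its answers with the addresses the site owner publishes. The hostname, addresses and TTLs are constructed, and the wrong record is placed directly in the cache to model only the outcome of the flaw.

```python
# Added example: toy caching resolver plus a defender-side audit.
# All names and addresses are constructed (RFC 2606 / RFC 5737 ranges).

AUTHORITATIVE = {"www.bank.example": ("192.0.2.10", 300)}  # name -> (ip, ttl seconds)
KNOWN_GOOD = {"www.bank.example": {"192.0.2.10"}}          # what the site owner publishes


class CachingResolver:
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}      # name -> (ip, expires_at)
        self.now = 0         # simulated clock, in seconds

    def resolve(self, name):
        entry = self.cache.get(name)
        if entry and entry[1] > self.now:
            return entry[0]  # cache hit: upstream is never consulted
        ip, ttl = self.upstream[name]
        self.cache[name] = (ip, self.now + ttl)
        return ip


def audit(resolver, known_good):
    """Return {name: answer} for every answer outside the known-good set."""
    findings = {}
    for name, good in known_good.items():
        answer = resolver.resolve(name)
        if answer not in good:
            findings[name] = answer
    return findings


def simulate():
    r = CachingResolver(AUTHORITATIVE)
    clean = audit(r, KNOWN_GOOD)   # first lookup is fetched upstream: clean
    # Model the *result* of a poisoned cache: a wrong record with a long TTL.
    r.cache["www.bank.example"] = ("203.0.113.66", r.now + 3600)
    r.now += 1800
    during = audit(r, KNOWN_GOOD)  # every user of this resolver gets the wrong IP
    r.now += 1801
    after = audit(r, KNOWN_GOOD)   # TTL expired, record refetched from upstream
    return clean, during, after


if __name__ == "__main__":
    print(simulate())
```

The middle result is the point: for the whole lifetime of the cached record the resolver never asks upstream again, so only an outside comparison like `audit` notices the wrong address.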
But, nevertheless, we should all take a sober look at what happened to OmniAmerican Bank within the past year (Archived) as an example of how the unforeseeable can happen, because there are people who are smart and determined enough to make it happen – even in a short amount of time.
Fascinating look at how vulnerable web sites and web applications are and how they became so insecure.
I don’t normally read RollingStone Magazine, but I stumbled across a link to an article while on Bruce Schneier’s security blog. In short, China is performing a social/spying experiment upon a city called Shenzhen. Every spy toy imaginable is being employed in the service of watching and controlling every movement its citizens make. This is 1984 stuff here. And one of the interesting comments in the article is that U.S. corporations are some of the largest financiers of this endeavor. Also, just like everything in China, it will be exported to a “neighborhood near you,” as it says in the article. I don’t know if that’s necessarily true and maybe a bit alarmist. But it is odd to me the U.S. seems to have such a vested interest in this. Also, at the very least, the technology could be quickly exported to current oppressive governments for the controlling of their people. Here are some quotes from the article:
“As China prepares to showcase its economic advances during the upcoming Olympics in Beijing, Shenzhen is once again serving as a laboratory, a testing ground for the next phase of this vast social experiment. Over the past two years, some 200,000 surveillance cameras have been installed throughout the city. Many are in public spaces, disguised as lampposts. The closed-circuit TV cameras will soon be connected to a single, nationwide network, an all-seeing system that will be capable of tracking and identifying anyone who comes within its range — a project driven in part by U.S. technology and investment. Over the next three years, Chinese security executives predict they will install as many as 2 million CCTVs in Shenzhen, which would make it the most watched city in the world. (Security-crazy London boasts only half a million surveillance cameras.)”
“This is how this Golden Shield will work: Chinese citizens will be watched around the clock through networked CCTV cameras and remote monitoring of computers. They will be listened to on their phone calls, monitored by digital voice-recognition technologies. Their Internet access will be aggressively limited through the country’s notorious system of online controls known as the ‘Great Firewall.’ Their movements will be tracked through national ID cards with scannable computer chips and photos that are instantly uploaded to police databases and linked to their holder’s personal data. This is the most important element of all: linking all these tools together in a massive, searchable database of names, photos, residency information, work history and biometric data. When Golden Shield is finished, there will be a photo in those databases for every person in China: 1.3 billion faces.”
“One Shenzhen-based company, China Security & Surveillance Technology, has developed software to enable the cameras to alert police when an unusual number of people begin to gather at any given location.”
“Shenzhen is the place where the shield has received its most extensive fortifications — the place where all the spy toys are being hooked together and tested to see what they can do. ‘The central government eventually wants to have city-by-city surveillance, so they could just sit and monitor one city and its surveillance system as a whole,’ Zhang says. ‘It’s all part of that bigger project. Once the tests are done and it’s proven, they will be spreading from the big province to the cities, even to the rural farmland.’
In fact, the rollout of the high-tech shield is already well under way.”
A while back I wrote this post pertaining to what appeared to be spammers utilizing Gmail servers to send spam to my account. I didn’t know if it was just me or if others were experiencing it as well. It’s not just me apparently. This article on The Register in the UK shows that this is quite a growing problem for all mailing systems, which is now causing many mail services to start throttling Gmail (as well as Yahoo) emails that come in. This is bad news because Gmail was supposed to be one of the more secure mailing systems. In addition, it presents a big problem for services like Spamhaus because spam emails being sent through Gmail SMTP servers are not blacklisted. Therefore a spammer can send email from foreign IP address blocks that may be banned in the Spamhaus database, but because the email is actually being sent via Gmail servers, it is not blacklisted. So mail services have started enforcing throttling to limit the number of emails that are sent from Gmail. This just shows that no matter how much security you put in place (even complex CAPTCHA techniques), there is always a way around systems, always. And at some point, someone will find the holes. It’s just a matter of time. The trick is staying ahead and always keeping people guessing.
After perusing this document, the following projects are of particular interest: