Monday, July 31, 2006
2. True Friends
3. Respect, one when the results go beyond the position and size of market capitalization
5. Childhood full of joy
6. Knowledge, diploma and insider leaks are something else
7. And obviously Innovation as you can see at this slide and compare it to the rough reality for the top tech R&D spenders. 800 pound market capitalization gorillas for sure, but not innovators. A knowledge driven society results in talent wars -- permanently attracting the walking case studies is also important.
Outspending ends up in budget allocation myopia, compared to actually prioritizing your R&D efforts. You aren't productive when you have all the cash in the world, exactly the opposite, and passion does play a crucial role when it comes to creativity. Go through a handy summary of a study on Does R&D spending deliver results? as well.
"The two spy satellites currently in operation are both polar orbiters circling the globe at altitudes of 400 to 600 kilometers. If the fourth, a SAR satellite, is launched in 2007 as planned, it will complete the four-satellite reconnaissance system, and the country will be able to monitor any point on Earth at least once a day, officials said. It will therefore become possible for Japan to monitor day-to-day changes in North Korean missile-launching sites. The problem, however, is if the system will be effective at the moment of a missile launch, which would depend on the weather and positions of the satellites at the time, officials said on condition of anonymity. In stark contrast with Japan, the United States has orbited more than 100 satellites, at least 15 of which are reportedly for intelligence-gathering purposes, they said. As experts put it, the U.S. satellites can identify objects as small as 8 to 9 centimeters in size if weather conditions are ideal. The United States has five early-warning satellites, including one for backup purposes, keeping watch over North Korea around the clock, they said."
They're definitely using open source IMINT on North Korea as well, or requesting detailed imagery on demand through commercial providers, in between further developing their early warning systems. Go through an article on Japan's Information Gathering Satellites Imagery Intelligence in case you're interested in their past efforts in this direction. However, I feel it's their neighbors' cyber warfare capabilities they should be also worried about.
Image courtesy of Northrop Grumman.
Sunday, July 30, 2006
Even worse, having to power and diplomatic influence to make a change,while being a beauraucrat to win time as someone else's about to take care of your dirty laundry is such a bad example for the rest of the democratic world, yet a convenient one.
Great post at DefenseTech on autonomous warfare, destroy the oil resources to limit the movement of suppliers - have a dozen of grannies move them on bycicles or take it personally, destroy a bridge, and see a wooden one build within day or two, every war is an act of terrorism by itself, where the term "acceptable levels of casualties" constantly jumps from the military to the political dictionary.
Previous DVDs of the Weekend and related comments:
DVD of the Weekend - The Lone Gunmen
DVD of the Weekend - The Outer Limits - Sex And Science Fiction Collection
DVD of the Weekend - War Games
DVD of the Weekend - The Immortals
DVD of the Weekend - Lawnmower man - Beyond Cyberspace
Thursday, July 27, 2006
"He doesn't use Photoshop but simply writes code to create computer art. For the Spam Plants, he parsed the data within junk e-mail--including subject lines, headers and footers--to detect relationships between that data. Then he visually represents those relationships. For example, the program draws on the numeric address of an e-mail sender and matches those numbers to a color chart, from 0 to 225. It needs three numbers to define a color, such as teal, so the program breaks down the IP address to three numbers so it can determine the color of the plant. The time a message is sent also plays a role. If it's sent in the early morning, the plant is smaller, or the time might stunt the plant's ability to grow, Dragulescu said. The size of the message might determine how bushy the plant is. Certain keywords, such as "Nigerian," might trigger more branches. But Dragulescu did not inject any irony. Messages about Viagra do not grow taller, for example."
I feel that now every spammer can pretend about being a stylish art admirer, with his spamming historical performance hanging on the wall, or perhaps it's my surrealistic black humor.
Related posts on spam and visualization :
Fighting Internet's email junk through licensing
An Over-performing Spammer
Consolidation, or Startups Popping out Like Mushrooms?
Dealing with Spam - The O'Reilly.com Way
Visualization, Intelligence and the Starlight project
Visualization in the Security and New Media world
Wednesday, July 26, 2006
More on malware.
Tuesday, July 25, 2006
"Google has built the following four 'lines of defense' for detecting invalid clicks: pre-filtering, online filtering, automated offline detection and manual offline detection, in that order. Google deploys different detection methods in each of these stages: the rule-based and anomaly-based approaches in the pre-filtering and the filtering stages, the combination of all the three approaches in the automated offline detection stage, and the anomaly-based approach in the offline manual inspection stage. This deployment of different methods in different stages gives Google an opportunity to detect invalid clicks using alternative techniques and thus increases their chances of detecting more invalid clicks in one of these stages, preferably proactively in the early stages."
Despite Eric Schmidt's comments on click fraud as "self correcting" issue, Mark Cuban takes another perspective I find a very relevant one.The key remains the balance between Google's technologies and efforts to build awareness on the problem, very informative report. Pay-per-click is a powerful model forwarding the responsibility for eventual transactions to the advertiser's value added propostion, as compared to a Pay per action model. I doubt Google would have ever reached a stock split debate in its history if it were to use one.
Moreover, with the growing interest in a Pay-per-call model and the rise in voice phishing, it turns the trend into a hot one to keep an eye on for the upcoming future.
Monday, July 24, 2006
"Hidden malware search capabilities within Google which were reserved for antivirus and security research firms just weeks ago have been cracked by hackers, according to security industry sources. The key to finding malware in Google lies in having the signature for the specific malware program, according to researchers from enterprise IT security firm Secure Computing. However, the company reported that these previously hidden search capabilities have recently fallen into the hands of hackers. Why bother creating a new virus, worm or Trojan when you can simply find one and download it using Google? said Paul Henry, vice president of strategic accounts at Secure Computing. Unskilled hackers can use this previously unknown capability of Google to download malware and release it on the internet in targeted attacks as if they wrote it themselves."
Bothering to create a new piece of malware and ensuring its payload gets regularly updated to avoid AV detection is perhaps the most logical need compared to doing reconnaissance for known malware through Google. Looking for the signature means the piece of malware has already been detected somehow, somewhere, namely it's useless even to a script kiddie as I doubt one would do a favor to another, thus increasing the size of someone else's botnet. What you can actually use it for, is look for packed binary patterns, or known functions, and draw up better conclusions.
I really hope Secure Computing are more into harnessing the brand and product portfolio's power of CipherTrust, than they are into the dangers of known malware, not that there aren't exceptions of course!
Space wisdom courtesy of Doctor Fun.
Friday, July 21, 2006
"Bugle is a collection of search queries which can help to identify software security bugs in source code available on the web. The list at the moment is rather small (you get the idea though), hopefully people will start sending more queries. Source code review is not a straight forward operation , using the list you will get pinpoints and not definite results."
It could easily help you spot source code containing common bugs without the need of using a scientific model to predict vulnerabilities, but you should also consider the powerful source code search engine Koders which is currently searching 225,816,744 lines of code, and provides you with the option to segment your queries based on programming language.
SecureProgramming.com - latest update January, 2005, useful links through
An overview of common programming security vulnerabilities and possible solutions
Insecure Programming by example
Top 7 PHP Security Blunders
Photo courtesy of IBM, featuring ethical hacker Nick Simicich. You may also find Secure DVD, a collection of the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) handy.
- it could wait
- it takes decades to update
- it would influence their superman's productivity
- where's the update button by the way?
From the press release of a commissioned survey :
"Harris Interactive® fielded the online survey among a nationwide sample of 2,079 U.S. adult computer users 18 years of age or older. The survey reveals that: Despite 55 percent being very confident or confident in the protectionoffered by the antivirus program on their computer, 42 percent have been affected by malware. A surprising 65 percent have postponed updating their virus protection. Of these adults, their top reasons for not updating are:
It was too disruptive to what they were doing on the computer - 38%
They thought it was something that could wait - 32%
They thought it would take too long - 27%
They weren’t sure how to update the antivirus program - 14%"
These very same end users represent among the key factors for successful assembling of botnets these days. If you secure the entire population, you'll end up with a secure sample itself, but the novice user's lack of incentives is ruining the whole effect -- and driving the DDoS protection tools market segment of course. I also wonder how did Gartner manage to estimate Panda Software's revenues and market share, given that compared to the rest of the publicly traded companies it's free from the burden of having stakeholders breathing down their neck?
Failures in Detection courtesy of VirusTotal.
"A former consultant to Morgan Stanley has been arrested and charged with stealing an electronic list of hedge funds and the rates the investment bank charges them. The hedge funds are clients in the company's prime brokerage business. According to court documents, Chilowitz is accused of sending a copy of the firm's administrative client list and its client rate list for the prime brokerage business in February from Morgan Stanley's offices in New York to his personal e-mail account at his home in Virginia."
I once said that nothing's impossible, the impossible just takes a little while, but given who Morgan Stanley is when it comes to risk management, assessment, let's don't say risk engineering -- psst, paying $15m in order not to pay $1.5B is such a sound investment -- they should have never allowed for this type of info to leave over the Web.
Meanwhile, the WSJ is reporting that Employers Increasingly Firing Staffers for E-mail Violations :
"The news comes from the 2006 Workplace E-Mail, Instant Messaging and Blog survey from the American Management Association and the ePolicy Institute, according to the Journal. The survey found that more than a quarter of the employers queried had fired an employee for violating company e-mail policy, up 9 percent from the 17 percent of employers who let employees go for similar violations in 2001, the Journal reports. On top of this finding, the survey also said that 2 percent of respondents had fired workers for instant-message correspondences that weren’t appropriate, and another 2 percent of employers said they’d fired a staffer for posting distasteful content on a Web log—or blog—be it their professional or personal page, according to the Journal."
Security policies are not the panacea of security, they are the basics, so consider developing and monitoring the effectiveness of one. My advise - think twice before feeling like a smart ass for exploiting your interns next time, and yes, fingerprint your most valuable IP assets as well.
"Organizations that have reached a high level of IT security practice maturity can safely reduce spending to between 3% and 4% of the IT budget by 2008, according to research firm Gartner Inc. By contrast, organizations that are inefficient or have historically under invested in security may spend upwards of 8% of their IT budget on security. This means that many organizations will still be investing aggressively for the next few years. Rich Mogull, research vice president and conference chair of the Gartner IT Security Summit which starts in Sydney Tuesday, said that there are now solutions to most information security problems. It's just a matter of implementing the technology efficiently and effectively so resources can be focused on new threats," Mogull said. While information security has become a highly specialized branch of IT, commodity security functions are often being returned to IT operations. Organizations that are still impacted by everyday, routine threats must ramp up and become more mature in their approach."
I find this a wrong emphasis on higher spending as the corner stone of "better security", and even if it is so, who's your benchmark at the bottom line? In a previous in-depth post on Valuing Security and Prioritizing Your Expenditures, I discussed the currently hard to implement ROSI model, and pointed out the following key points on data security breaches and security investments :
- on the majority of occasions companies are taking an outdated approach towards security, that is still living in the perimeter based security solutions world
- companies and data brokers/aggregators are often reluctant to report security breaches evenwhen they have the legal obligation to due to the fact that, either the breach still hasn't been detected, or the lack of awareness on what is a breach worth reporting
- the flawed approaches towards quantifying the costs related to Cybercrime are resulting in overhyped statements in direct contradiction with security spending
- companies still believe in the myth that spending more on security, means better security, but that's not always the case
- given the flood of marketing and the never ending "media echo" effect, decision makers often find themselves living with current trends, not with the emerging ones, which is what they should pay attention to
There's also a rather simplistic explanation on the effect of industry convergence :
"Mogull also said that functional convergence in security products is occurring. For example, host firewalls, antivirus, antispam, and basic host intrusion prevention are combining into single, desktop agents. In the future, this will make security less complex, he said."
Wish the analyst has reached the potential TCO increase and the beneficial diversification of appliances/products trade-off concept stage, one that naturally depends on the perspective of course. Meanwhile, here's an article on how NOT to "sell security" to your CEO, they tend to understand the basics of ROI, it's just the RO(S)I they want to scientifically apply -- compliance is perhaps your best friend these days. It's not about the percentage of spending, but on what you're actually spending for, and when.
Go through a previous post on information security market trends to consider, and try to stay on the top of security, not in line with it.
Thursday, July 20, 2006
"In fact, there are several military and intelligence employees, some retired and some active, who turn the defense job into a hobby, helping to point out and explain foreign military curiosities at the very civilian level of Google Earth. One current imagery analyst explained that, though he never divulges classified information, he often ‘identifies naval vessels at’ bases that ordinary Google Earth explorers have stumbled upon. Also, maps from sites such as Globalsecurity.org are overlayed onto the framework of Google Earth. Like an army of ants, the nearly 550,000-strong Google Earth community has voraciously explored the North Korean military installations, including : Musadan-ri/No-Dong missile test site, Pipa Got naval base, Cho Do naval base"
Given the powerful driving force and the size of the Google Earth's community it could definitely save tax payers' dollars, but high-resolution and timely imagery still remain a critical issue here. Open Source IMINT is gaining scale and I'm sure someone's watching the trend as well.
Related resources and posts :
The "threat" by Google Earth has just vanished in the air
Suri Pluma - a satellite image processing tool and visualizer
Security quotes : a FSB (successor to the KGB) analyst on Google Earth
Satellite Reconnaissance of the Future (1998)
Military Reconnaissance Satellites (IMINT)
Military Intelligence Satellites
North Korea Sightseeing
Shedding light on North Korea (330+ placemarks)
Monday, July 17, 2006
The concept is great, excluding the dark web(closed behind authentication, and basic crawler blocking approaches), but what bothers me besides all the fuss is that it's a signature based approach taking advantage of the most recent Google's crawl of the Web. 0day malware naturally remains undetected, while it's a great way to sum up the percentage of infections with known malware on different domains/hosts, given you know what and where to look for. It's not the binary nature of a malware to emphasize on, but today's malware released under a GPL license, an issue I stated as a key factor for the future growth of malware at the beginning of 2006. I also came across to an article pointing out the same problem :
"Open tools and techniques have found favor among an unlikely community. Malware writers are using open-source ideas and tools to share malicious code, collaborate, and wreak online mayhem, the security firm McAfee said in a report issued Monday. Cyber criminals are making available source code with documentation so that it can be easily modified using popular open-source project management tools like Content Versioning System (CVS), thus giving malware creation a high degree of efficiency, said McAfee’s Global Threat Report for 2006."
To keep the discussion going by the time I release a summary of what I've been coming across for quite a while -- tons of bot source codes available on the public Web, barely any binaries -- go through previous posts related to the diverse topic as well.
UPDATE : eWeek has a nice article on the topic
Malware trends - Q1, 2006
What are botnet herds up to?
Why relying on virus signatures simply doesn't work anymore?
Skype to control botnets?!
The War against botnets and DDoS attacks
Master of the Infected Puppets
One bite only, at least so far!
Look who's gonna cash for evaluating the maliciousness of the Web
The anti virus industry's panacea - a virus recovery button
No Anti Virus Software, No E-banking For You
The Current State of Web Application Worms
Web Application Email Harvesting Worm
Unknowingly Becoming a Child Porn King
Real-Time PC Zombie Statistics
Malicious Web Crawling
Agobot configuration interface courtesy of Hakin9's "Robot Wars – How Botnets Work".
Sunday, July 16, 2006
"Weaponizing space when there really isn't any competitor is a really bad idea. Truly though, the issue that obfuscates things is the US military's change from a threat-based acquisition system (where weapon systems were acquired to combat specific and verifyable threats) to a capability-based acquisition system is the problem. The switch to a capability-based system, being divorced from threats (since the Wall fell, most of the threats did as well), can find justification for new weapon systems even if there isn't a verifyable enemy or even a proven, irreplaceable need in warfare for the technology. Case in point - nobody is challenging the US for air surpremacy, yet we have massively expensive acquisitions underway for the F-22 (which should have been killed in 1991) and the F-35 (Joint Strike Fighter)."
Just came across to a great initiative aiming to act as a faciliator for debating the problem. The SpaceDebate.org aims to :
"expand the debate on the weaponization of space through a collaborative wiki-like tool for structured debate on a topic. You can learn more by taking the quick tour, reading the about page, or browsing our frequently asked questions. You can also jump into the debate by browsing our argument list or one of the positions"
I feel there's a more serious problem we should be discussing for the time being compared to the world's super powers waging wars in space, and it's called Near Earth Object Protection -- there's even a distributed client for tracking the hazard posed by NEOs. For instance, consider the following alternatives for combating the real threat in space - the universe itself :
"There’s been no shortage of ideas how to fend off unfriendly fire from the cosmos: laser beams, space tugboats, gravity tractor, and solar sails for example, as well as using powerful anti-NEO bombs, conventional as well as nuclear. Ailor, also Director of The Aerospace Corporation’s Center for Orbital and Reentry Debris Studies, told SPACE.com that creative ways to deflect Earth-harming NEOs are far from being exhausted. People have put a lot of concepts on the table over time, Ailor said. Now we’re beginning to try and develop an organized way of looking at those things and finding out which ones are really viable in the short-term, medium-term, and what technologies do we need to protect and develop for the long-term as well."
I've always thought the human race is an experiment of a super intelligent race trying to figure out how long it's gonna take us to self-destroy our kind. In case you're interested in the current situation on space warfare, you can also go through the Space Security 2006 book (111 pages), and previous editions as well. An excerpt from the executive summary :
"A growing number of states, led by China, Russia, the US, and key European states, increasingly emphasize the use of space systems to support national security. Dependence on these systems has led several states to view space assets as critical national security infrastructure. US military space doctrine has also begun to focus on the need for “counterspace operations” to prevent adversaries from accessing space. Building on existing trends, in 2005 actors that included the EU, India, Israel, and Japan placed more emphasis on the national security applications of space. Israel and Japan introduced plans to boost surveillance capabilities from space. India’s Air Force urged the government to set up a Strategic Aerospace Command to better develop military space capabilities."
Don't look for enemies where there aren't still any, but deal with the real space threat. Camouflage, Concealment, and Deception (CC&D) techniques table courtesy of FAS's "Threats to United States Space Capabilities"
"A few models for the vulnerability discovery process have just been published recently. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of vulnerability exploitation. Here we examine these models for the vulnerability discovery process. The models are examined both analytically and using actual data on vulnerabilities discovered in three widely-used systems. The applicability of the proposed models and significance of the parameters involved are discussed. The limitations of the proposed models are examined and major research challenges are identified."
A handy summary of the report emphasises on how :
"The Alhazmi-Malaiya Logistic model has already seen success in its predictions:
-- In 2005, it predicted the number of vulnerabilities discovered in Windows XP would grow rapidly. It has indeed grown from 88 in January 2005 to 173 by the latest count, making the vulnerability density of XP comparable to that of earlier version of Windows.
-- The model predicted that very few new vulnerabilities will be found in Red Hat Linux 6.2, and the number has stayed unchanged at 117.
-- It predicted that the number of vulnerabilities of Windows 2000 will eventually range from 294 to 410. At that time of the prediction, the number was 172; it now is 250, and vulnerabilities are still being found."
Remember the U.S DHS's $1.24M bug hunt funding, that came up with a single X11 vulnerability? Money well spent for sure.
HD Moore who's obviously getting efficient, the potential of contests, futures market models, and my speculation on "every day there's a new 0day in the wild" ruin the effect of any model. Assuming no external factors influence the process, and the rest remain static -- while they rarely do -- it's a great initiative, still, more of a scientifically shooting into the dark one, given the great deal of uncertanties, and decentralized model of discovering, reporting, using and abusing vulnerabilities. If historical performance matters and can act as a key indicator for predicting the future, I wonder would MACs lack of vulnerabilities continue to generate hype, it's more of a "lack of incentives to find some" type of issue. Today's vibrant vulnerability research intrigue is indeed capable of ruining any model.
I also came across to a great point, indicating that :
"After the first week of flaws were released, one online miscreant from Russia shot off an e-mail to Moore, complaining that he had outed a vulnerability the Russian had been exploiting, Moore said.
"The black hats don't like that the fact that this is public because they have been using these bugs," Moore said. "By dumping out the bugs on the community, I'm clearing the air and letting the good guys know what others are doing."
From my point of view, the existence and usefulness of Metasploit is precisely the same type of dilema whether citizens should be allowed to carry guns for self-protection or blindly rely on 500 police officers for 500,000 people. Hopefully, with initiatives like the Month of the Browser bug ones, we would inevitably break through the "yet another 0day, where's my patch dude? type of security issues to deal with. At the bottom line that's a single, efficient security researcher who's definitely working on building more awareness on what the corporate trolls are ignoring for the sake of their product portfolio diversification.
It's also interesting to mention on the emerging underground 0bay model for selling 0day vulnerabilities :
"Cyber crooks are not hesitant to make such open declarations of illicit intent because of the anonymity offered by the Internet. Some have had the gall to try and peddle their information on popular online auction sites such as eBay. Last December eBay pulled an ad that was selling vulnerability information about Microsoft's spreadsheet program Excel. That was a bold, if foolhardy, move on the part of the seller, because eBay is hardly blackmarket at all, said Ross Armstrong, senior analyst at technology consultancy firm Info-Tech Research Ltd. in London, Ont."
and its corporate form, on which Sergio Hernando was kind enough to point me to. The VulnDisco Pack Professional :
- contains more than 80 exploits
- each month about 5-10 new exploits are made available in the form of updates
- VulnDisco Pack Professional licenses are not limited to a number of seats
and you can actually see an OpenLDAP 0day exploit in action for yourself.
Metasploit image courtesy of Metasploit's blog.
Related resources and posts:
Was the WMF vulnerability purchased for $4000?!
0bay - how realistic is the market for security vulnerabilities?
Where's my 0day, please?
Delaying Yesterday's "0day" Security Vulnerability
Shaping the Market for Security Vulnerabilities Through Exploit Derivatives
Getting paid for getting hacked
"Technology as the next Revolution in Military Affairs (RMA) was inevitable development, what's important to keep in mind is knowing who's up to what, what are the foundations of their military thinking, as well as who's copying attitude from who. Having the capacity to wage offensive and defense cyber warfare is getting more important, still, military thinkers of certain countries find network centric warfare or total renovation of C4I communications as the panacea when dealing with their about to get scraped conventional weaponry systems. Convergence represents countless opportunities for waging Cyber Warfare, offensive one as well, as I doubt there isn't a country working on defensive projects."
Recently, there's been some movement from North Korea's Cyber Warfare unit 121, one that :
"North Korea set up about eight years ago with some 1,000 personnel, said the intelligence official, who declined to be named because it was the agency's policy to remain anonymous. The North's operation, called unit 121, "has hacked into the South Korean and U.S. Defense Department" and has caused much damage in the South, the official said without elaborating."
According to numerous articles on recent "anomalies" at unclassified U.S state department systems, these might actually have to do with the group's actions itself -- quite a momentum to take advantage of, isn't it? Any country's interest in establishing cyber war forces shouldn't come as a surprise to anyone. But while North Korea is trying to balance its military powers through asymmetric and cyber warfare approaches given its outdated conventional weaponry thinking, I feel the real beast to worry about is China, who's sneakily hiding behind its currently strategic economic position. As the latest report on "Military Power of the People’s Republic of China 2006" points out :
"The People’s Liberation Army (PLA) has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks."
Taiwan is reasonably taking note on China's historical cyber warfare actions and has recently initiated its first cyber war game simulating attack from China :
"The drill, part of the island's annual major war game Hankuang No. 22, was held Wednesday and Thursday to intercept, block and counter a possible Chinese cyber attack of Taiwan's major computer network to paralyze the island's intranet operation, the Central News Agency quoted an unnamed defence source as saying."
Let's don't forget the use and abuse of island hopping points fueling further tensions in key regions and abusing the momentum itself, physically locating a network device in the future IPv6 network space is of key interest to all parties.
War room courtesy of Northrop Grumman.
Friday, July 14, 2006
- The arms race
- The boom of the Web, and the now experienced dotcom industry, has generated a whole new breed of wannabe entrepreneurs
- From some people's point of view, cupidity is just profit-maximization
- Among Dell's most important strategic objectives were to cut the intermediaries, thereby lowering the final price of a PC and stealing market share. Trouble is, hardware turned into a commodity these days
- AOL - the Internet's powerhouse from the early days of the Web itself, got the necessary attention from both, Microsoft, and Google due to the highly competitive atmosphere the rivals created. Eyeballs converted into revenue sources
- Since the standartization of advertising creative, online ad revenues quadrupled
- Commodity markets are the true nirvana when it comes to betting and the potential to gain enormous returns in a short period of time
- The proliferation of false statements by the Senator, has resulted in decline in our sales due to privacy concerns
- Achieving liquidity should be issue number one for a less capital goods intensive organization
- Licensing not only cuts R&D costs, it also provides a company with the ability to gain competitive advantage, and improve its value-added proposition next to its rivals' ones
- The arms race in patents and brands registering across the world, has resulted in a great deal of still unused, and in beta mode of testing technologies and names
- The competitiveness in the Business Services market segment that IBM was seeking, is among the main reasons for their sale of the company's entire PC units devision -- today's Lenovo
An analysis of hard cover security ads from the most popular business magazines will follow at the beginning of the week. Actual shots, the messages themselves and detailed recommendations are to be included as well. Information security and business always tend to intersect, excluding one is like ignoring the other.
Monday, July 10, 2006
- "Defence Research and Development Organisation (DRDO) hard drive theft. The hard drives were stolen from the offices of the Scientific Analyses Group (SAG) and the Institute for System Studies and Analyses (ISSA) inside the DRDO complex. The SAG is responsible for cryptography. In other words, all codes and cyphers to ensure communication security for the defence forces have an SAG stamp. The ISSA, on the other hand, analyses competing weapons systems for induction into the armed forces."
- "Rabinder Singh. It is said there was a question mark over his reliability since the early 1990s when he began an operation for the collection of intelligence about US government activities in South Asia through a sister of his, who was employed in a sensitive US agency with links to the CIA."
- "Rattan Sehgal. The IB's counter-intelligence division reportedly found that a woman CIA officer posted in the US embassy was in contact with government servants and others on a mobile telephone, allegedly registered in the name of their boss, the suspect IB officer."
- "KV Unnikrishnan. During those jaunts in Singapore, compromising photographs of the stewardess and her lover were taken. These photographs and other documents were recovered by mid ’86 and it was learnt that Unnikrishnan was working for the CIA."
- "Larkins Brothers. The Larkins’ interrogations led to the arrest of Singh and it was found that Jockey and Bud were CIA operatives."
- "Samba Spy Case. By 1974, he began working for its army's Field Intelligence Unit at Sialkot on a regular basis. In the June of 1975, Dass was arrested on suspicion of espionage but by then he had persuaded some of his colleagues (including a certain Aya Singh) to become accomplices."
Understanding the past means predicting or at least constructively speculating on the future. Insider leaks due to HUMINT recruitment activities may seem to have vanished given the increasing number of IT-dependent infrastructures and the insecurities their connectivity brings -- SIGINT taking over HUMINT espionage. While modern spy gadgets remain trendy, this very same connectivity has resulted in various hacktivism tensions in the past, namely the India vs Pakistan cyberwar, and, of course, MilW0rm's infamous speculation on breaching India's Bhabha Atomic Research Center through the use of U.S military servers as island-hopping points.
Office surveillance graph courtesy of BugSweeps.
A recent article at The Korean Times, makes some very good points on the cons of censoring the reporting of "sudden events", and the typical for a (modern) communist type of government, total centralization. It emphasises on how :
"Beijing's approach is fundamentally flawed. The news media is a positive force in society. A free press is necessary to keep the government on its toes, especially when the government itself is not accountable to the public. Restricting the press will result in a public that is kept in the dark and in local governments whose excesses will no longer be subject to scrutiny.
Beijing should understand that many of today's problems today stem from abusive local officials. Premier Wen Jiabao acknowledged at a press conference in March that some local governments have infringed upon the legitimate rights and interests of the people, and social conflicts have subsequently occurred.
In this struggle between victimized farmers and avaricious officials, the press—and the central government—are on the same side. Muzzling the press will only deprive the victims of a powerful champion while enabling grasping officials to line their pockets without fear of being exposed. Surely, this cannot be what the Chinese government wants."
In case of a "sudden event" I feel they'd rather be winning time compared to keeping it quiet, then again I guess ruling one of the largest nation in the world while trying to maintain stability -- FDI matters folks -- is a dauting task, but one not necessarily having to do with ignoring the situation. Government accountability and possible changes in voting attitudes in China don't exist, mainly because there isn't any other party, but THE party, therefore historical (under)performance doesn't count at all.
In comparison, whereas Chinese citizens suffer from the lack of information or the blocked access to it, in the U.S there's a controversial debate going on regarding over-performing investigative journalists revealing details thought to be sensitive to national security, and the overall availability of potentially sensitive information to the general public. The problem isn't the "leak" as it's a common sense practice, but the publicity it got in the post 9/11, privacy-preserving society -- or at least one trying to. Doesn't really matter if the FOIA turned forty, "redacting" is often misspelled for censorship, in between the lines of personal and sensitive information.
At the bottom line, government practices' transparency with the help of the media watchdogs, a government incapable of knowing the exact state of a situation by itself, or the notion of too much publicly available information in today's OSINT world, up to you to decide, just don't rule, run business, or blog, by excluding the middle, or you'll sooner or later face with it in one way or another.
Sunday, July 09, 2006
- Quoted in an article by Arthur G. Insana for ImediaConnection.com back in 2004, discussing the various threats posed by trojan horses. Trouble is, I'm no longer affiliated with the company. Respect the individual!
- Quoted in an article by Bill Brenner on the "Storm Worm" and social engineering when it comes to malware in general
- My paper on the future trends of malware got Slashdotted
- Security.nl covered the International Exploits Shop in an article
- Yet another article at Security.nl this time regarding my future trends of malware paper.
- Marc Olanié at Reseaux-Telecoms.net has been writing lots of articles regarding my research worth going through
- Microsoft, concepteur de virus
- Des truands, des failles, du business...
- Danchev sur l'Achat de failles
- Bientôt, le virus et l'attaque DoS on demand
- Encore et toujours F-Secure/Kaspersky...
- Clusif : le rapport criminalité 2005, chantages et escroqueries
- Le Cyber-Jihad fait trembler l'Amérique
- La vie secrète du phishing : 20/20 en éco et géographie
- Symantec : Boulevard du crime... et au delà
- Future of Malicious Code references my future trends of malware paper. Here's the French version
- Entwurf eines Kunstlichen Immunsystems zur Netzwerkuberwachung auf Basis eines Multi-Agenten-Systems references future trends of malware
- Limiting Vulnerability Exposure through effective Patch Management: Threat Mitigation Through Vulnerability Remediation references my best practices on security policies
- Developing a Security Policy refences my paper on security policies
- Policy Review references my paper on security policies
- Hu Xiaodong, “Security Centre for an Enterprise thesis”, CS Department, Stockholm’s University, references Building and Implementing a Successful Information Security Policy
- Jinqiao Yu, "TRINETR: An Intrusion Detection Alert Management and Analysis System dissertation", College of Engineering and Mineral Resources at West Virginia University, references Building and Implementing a Successful Information Security Policy
- Philippe Farges and Annick Tremblet, "Project on Trojans", Department of Computer Science Linkoping Institute of Technology, Sweden, references The Complete Windows Trojan Paper
- Fausi Qattan & Fredrik Thernelius, "Deficiencies in Current Software Protection Mechanisms and Alternatives for Securing Computer Integrity", Department of Computer and Systems Sciences
Stockholm University - Royal Institute of Technology, references The Complete Windows Trojan Paper
- Reyes, Juan Carlos, "Una Aproximación Teórica a la Prevención del Factor Humano en la Seguridad Informatica", references Reducing "Human Factor" Mistakes
- Rezan Fisli, "Secure Corporate Communications Over VPN-Based WANs", references Building and Implementing a Successful Information Security Policy
- Vo Khac Thanh, "An IT security policy framework", Asian Institute of Technology SAT : School of Advanced Technologies, references Building and Implementing a Successful Information Security Policy
- Rohmadi Hidayat, "Deteksi Trojan Dan Penanganannya", references The Complete Windows Trojan Paper
- Robert J. Kaufman III, "Susceptibilities Policy Review (Top-Down Methodology) Lesson 7 PPT", The University of Texas at San Antonio, College of Business, references Building and Implementing a Successful Information Security Policy
- Steven M. Michnick, "Information Security Framework for Small and Medium Sized Businesses", references Passwords - Common Attacks and Possible Solutions
- Samer Catalan, "Trojan Horses", RWTH Aachen University, references The Complete Windows Trojan Paper
- Stephen M. Specht and Ruby B. Lee, "Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures", Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems, International Workshop on Security in Parallel and Distributed Systems, references The Complete Windows Trojan Paper
- Delwyn Lee, Adam Marks, David Bell, “Student Residence Secure Solutions Analysis of ResNet Security”, references Building and Implementing a Successful Information Security Policy
- Clarissa L. Evans Brown, “A Policy to prevent outsider attacks on the local network”, GSEC Practical Assignment, references Building and Implementing a Successful Information Security Policy
- Hatim Ali Badr, “Online home users Defense in Depth”, GIAC Practical Assignment, references The Complete Windows Trojan Paper
- Tim Strong, “PestPatrol in a Corporate Environment: A Case Study in Information Security” – GIAC Practical Assignment, references The Complete Windows Trojan Paper's Future of Trojans section
- Sorcha Canavan, "An Information Policy Development Guide for Large Companies" – GSEC, Practical Assignment, references Building and Implementing a Successful Information Security Policy
- Gregory R. Panakkal, “Advanced Survival Techniques in Malware”, Cochin University of Science and Technology, references The Complete Windows Trojan Paper
- Michael D. Thacker, "Effective Security Policy Management” – Virus Bulletin 2005 Conference, references Building and Implementing a Successful Information Security Policy
- My paper regarding security policies has been discussed in a network security course at the George Mason University
- University of Melbourne’s Network Security Course teaches on my security policies publication
- University of Houston are giving assignments on my security policies publication
- Tim Lackorzynski, "Future Trends of Malware PPT", Fakultät Informatik, Technische Universität Dresden, Proseminar Dependable Systems is discussing my "Malware - Future Trends" research
Saturday, July 08, 2006
01. The fine art of shoulder surfing - Many hackers download their tools but traditionalists skilled in shoulder surfing still pose a threat. to Security on july 2
02. VCs discuss the next big things - Cell phone gambling in China and other wireless trends are what venture capitalists at Brainstorm were talking about. to Investing Mobile on july 2
03. Life After Privacy - Personal information is no longer personal. The only question is: who gets to see it? to Security Privacy on july 2
04. Spy Agency Sought U.S. Call Records Before 9/11, Lawyers Say - The U.S. National Security Agency asked AT&T Inc. to help it set up a domestic call monitoring site seven months before the Sept. 11, 2001 attacks, lawyers claimed June 23 in court papers filed in New York federal court. to Intelligence Surveillance Wiretapping Terrorism NSA on july 2
05. MySpace, a place without MyParents - Scott Granneman looks at the mass hysteria surrounding MySpace social security issues, examines a collection of frightening reports, and then discusses the real issue of parenting and parental supervision behind keeping our children safe. to Security NewMedia MySpace on july 2
06. Limiting Vulnerability Exposure through effective Patch Management: threat mitigation through vulnerability remediation - This document aims to provide a complete discussion on vulnerability and patch management. It looks first at the trends relating to vulnerabilities, exploits, attacks and patches. These trends provide the drivers of patch and vulnerability management. to Vulnerabilities 0day on july 2
07. 'Blue Pill' Prototype Creates 100% Undetectable Malware - Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying.. to Malware Rootkit Technology on july 2
08. Hacker attacks hitting Pentagon - "This stuff is enormously important," said John P. Stenbit, the Pentagon's chief information officer until 2004. "If the keys get into the wrong hands, all kinds of bad things happen. to Defense InformationWarfare on july 2
09. Data Mining Myspace Bulletins - I was able to whip together a small C program that generates urls, retrieves the bulletin, and saves the html to a file. Once all of the data has been downloaded, it's easy to parse through using a tool like grep. to Security NewMedia MySpace on july 2
10. How A Trigger Set Off A Logic Bomb At UBS PaineWebber - A forensics investigator testifying at the computer sabotage trial of a former systems administrator for UBS PaineWebber detailed how each line of code in the trigger helped set off a devastating logic bomb. to Insider Malware on july 2
11. On the Economics of Information Security - Papers - The Fifth Workshop on the Economics of Information Security (WEIS 2006). to Security Leadership on july 2
12. What's Wrong with This Picture? - A messy desk is a vulnerable desk. We've created one with 20 egregious violations of a good policy. See if you can find them. to Security Workplace on july 2
13. Space attack on satellites could be devastating - If the US does not protect its Earth-orbiting satellites, the equivalent of a car bomb in space could take the economy back to the 1950s, according to witnesses testifying in Washington DC earlier this week. to Military Satellite Space SPAWAR on july 2
14. Air Force to spend $450K datamining blogs for war on terror - The Air Force Office of Scientific Research recently began funding a new research area that includes a study of blogs. Blog research may provide information analysts and warfighters with invaluable help in fighting the war on terrorism. to Intelligence Terrorism Surveillance Technology on july 2
15. How Did U.S. Assess Iraqi Bioweapon Production? - One of the most vivid allegations made by the U.S. government regarding Iraqi weapons of mass destruction was the claim that Iraqi had developed mobile laboratories for the production of biological weapons. to Intelligence on july 2
16. Month of Browser Bugs - I will publish one new vulnerability each day during the month of July as part of the Month of Browser Bugs project. to Vulnerabilities 0day Metasploit on july 3
17. IM's Hidden Dangers - But unlike water-cooler chatter, IMs leave a trail—one that can be tracked by employers, regulators, and law-enforcement officials. And like e-mail, IMs are considered legal documents. to IM Compliance on july 6
18. Trend Micro Execs Face Probe - Agency may charge CEO and her husband with trading in shares of his former company, SINA. Trend Micro reported revenues of $621.9 million in 2005, compared with $587.4 million in 2004. The company currently has nearly 3,000 employees around the world. to Investing AntiVirus on july 6
19. Blast from the past: '50s Nevada A-bombs light LA's night sky - In the early 1950s, several above-ground atom bomb tests at the Nevada Proving Ground were visible in Los Angeles. This photo and five similar ones from 1951-1955 are from the Los Angeles Public Library Photo Database. to Defense Nuclear Technology on july 6
20. FOIA at Forty - The fortieth anniversary of the Freedom of Information Act, signed into law by President Johnson on July 4, 1966, was marked with the release of several interesting and informative publications.
to FOIA on july 6
21. Early Days On The Anti-Virus Front: A Personal Perspective - An anti-virus programmer reminisces about the people and the organizations that were pivotal in the earliest days of the war against computer viruses.
to Malware AntiVirus on july 6
22. The Blue Pill Hype - The working prototype I have (and which I will be demonstrating at SyScan and Black Hat) implements the most important step towards creating such malware, namely it allows to move the underlying operating system, on the fly, into a secure virtual machine. to Malware Rootkit Innovation on july 6
23. New PoC virus can infect both Windows and Linux - The virus is interesting, said analysts on Kaspesky's Viruslist website, because it is capable of infecting ELF, the file format used for Linux systems, and PE, Windows' file format. to Malware on july 6
24. Iranian intelligence services ban access to Azerbaijani websites - He reported that the ban aims at depriving Iranian Azerbaijanis of the contact with the international community. to Censorship Intelligence Iran on july 6
25. Can the N.Y. Times Be Charged Under the Espionage Act? - Can The New York Times be prosecuted for their story about the government's secret terrorist finance tracking program? to Intelligence Espionage Terrorism FreeSpeech on july 6
26. Text messaging censorship: PITA, BFD, or BTHOM? - Text messaging and the first level of censorship begins at the phone. While it's certainly possible to enter any word using the alphabetic method in which a=2, b=2-2, c=2-2-2, d=3 and so on, it isn't very convenient. to Censorship Mobile on july 6
27. Iran Accuses Academic Of Espionage For U.S. - Iran today accused jailed academic Ramin Jahanbegloo of having spied for the United States, with the aim of toppling the ruling Islamic system. to Intelligence Espionage Iran on july 6
28. Italian intelligence officials arrested over CIA kidnap - Italian police arrested two officials with Italy's military intelligence agency on Wednesday on suspicion of helping the CIA in the alleged kidnapping of a terrorism suspect in Milan, judicial sources said. to Intelligence Espionage CIA on july 6
29. New York Times Draws Criticism Over Decision to Reveal Intelligence Program - Executive editor of the New York Times Bill Keller and former director of the NSA Admiral Bobby Inman debate the newspaper's publication of the Bush administration's surveillance of banking records and the process in deciding what is fit to print. to FreeSpeech on july 6
30. Hackers May Lose Nuclear Option - The risk was illustrated in 2003, when the Slammer worm penetrated a network at the idled Davis-Besse nuclear plant in Ohio, disabling a safety monitoring computer for nearly five hours. to SCADA Nuclear Cyberterrorism Malware on july 7
31. 3 arrested in Coca-Cola trade secret scheme - "As the health of our enterprise continues to strengthen and the breadth of our innovation pipeline continues to grow, our ideas and our competitive data carry increasing interest to those outside our business." to Insider Espionage on july 7
32. Proactive Protection: a Panacea for Viruses? - The first in a series of articles that discuss the newest technologies used by antivirus companies which focuses on proactive technologies. to Malware Innovation on july 7
33. Japan to speed up installation of missile defense system - The envisioned missile defense system will detect launches of ballistic missiles with Aegis and other sophisticated radar systems and shoot them down with the sea-based Standard Missile-3 and the land-based Patriot Advanced Capability-3. to Defense Military on july 7
34. FCC CALEA Wiretap Rule for Broadband and VOIP - This document addresses the assistance capabilities required, pursuant to section 103 of the (CALEA- for facilities-based broadband Internet access providers and providers of interconnected Voice over Internet Protocol (VoIP). to Security Terrorism Intelligence Wiretapping CALEA VoIP Compliance on july 7
35. Tensions Ramping up with North Korea - "The U.S. was hell bent on espionage over military objects of the DPRK in March when it staged large-scale RSOI and "Foal Eagle" joint military exercises, bringing about the dark cloud of nuclear warfare." to Defense Military Reconnaissance on july 7
36. Over 1,200 Cases of U.S. Aerial Espionage - Translated 2004 News Items - Involved in the aerial espionage were latest reconnaissance planes of different missions including U-2, RC-135, E-8C, E-3, RC-7B, RC-12, RF-4, P-3 and EP-3. to Espionage Military Reconnaissance on july 7
37. Interview : An Ethical Hacker Protects the World Cup Network - Dr. Tom Porter is the mastermind behind the security for the World Cup network and a lifetime hacker himself. He shares his thoughts about network security, hacking and protecting the World Cup network. to Security Interview Leadership on july 7
38. Google’s Microsoft Syndrome - Google has fixed a security flaw in its RSS reader that could have allowed hackers to steal users’ personal information, but experts warned Thursday that the online giant could increasingly become a magnet for hackers, displacing Microsoft as the No. 1 target to Vulnerability Google NewMedia Web on july 7
39. Hefty bill for online click fraud - Online advertisers paid more than $800m last year for fraudulent clicks on their ads and more than a quarter of them have reduced their spending as a result, according to a study by the Outsell media research firm. to NewMedia Advertising Investing on july 7
40. BitDefender Ships Anti-Rootkit Beta - The anti-virus vendor, based in Bucharest, Romania, on July 7 lifted the wraps off a new anti-rootkit utility that promises to spot and delete stealthy software programs that are used by malicious hackers to hide malware. to Malware AntiVirus Rootkit Technology on july 7
41. VPN market to hit $29bn by 2009 - The virtual private network (VPN) services market was worth $23bn (£12.5bn) in 2005 and is expected to grow another 22 per cent to hit $29bn (£15.8bn) by 2009, according to an industry analyst. to Security VPN Investing on july 7
43. Mod terror documents found in ditch - According to the newspaper, it includes phone numbers for the UK's most important military figures, such as the Defence Secretary, Chief of Defence Staff and Director of Special Force. to Security on july 7
44. Authorities say gangs using Internet - Some of the country's most notorious street gangs have gotten Web-savvy, showcasing illegal exploits, making threats, and honoring killed and jailed members on digital turf. to PSYOPS on july 7