Saturday

Shmoocon 2008 videos are online



After the presentations of Shmoocon 2008, the videos are now also coming online.

http://www.shmoocon.org/2008/videos/

But some of the files are incorrectly named. Go over to room362.com to see the list of incorrect videos. I'm sure this will be corrected in the coming hours or days. But for now, it's time to load them onto your iPod.

Belgian University constructs desktop PC that equals processing power of a Cluster



Researchers at the University of Antwerp assembled a desktop PC with four dual-GPU video cards. Their research group Astra is focused on combining 2D images taken from different angles into a 3D one.
Because these calculations are a perfect fit for parallel computing, the researchers had a look at GPUs. Each graphics processor (GPU) contains 128 small subprocessors that can all work in parallel. They plugged four 9800GX2 video cards into a desktop motherboard and used CUDA to write their software. Thanks to this, the images can be constructed in hours instead of the weeks it would take on a PC with a quad-core CPU. The PC, dubbed 'Fastra' and built from normal consumer hardware, should be as fast as 350 modern CPUs. Compared to a real cluster, the costs are a lot lower and it saves a lot of space. Price: less than 4.000 Euro.

Now I wonder how fast it can calculate hashes?

(Source: Tweakers.net)

Bonus: They have a video and more images available.


Presentation on the Storm Worm



Thorsten Holz from the Honeyblog published a presentation on the Storm Worm which might be worth looking at (there is some interesting information on how it communicates):

The presentation is now available. It provides an overview of Storm Worm and highlights various aspects of the botnet. The presentation is an extended version of our LEET'08 paper on the same topic.

Storm is still an interesting botnet. However, the botnet is getting smaller and smaller - nowadays there are typically less than ten thousand machines online during a typical day. Seems like the good ol' days of Storm are over... (Source: Honeyblog)

Wednesday

ENISA: Concerted EU efforts are needed to avoid a ‘digital 9/11’ and combat cyber threats



This was released today by ENISA:

ENISA, the EU Agency for European Network and Information Security, today highlighted key online security issues in Europe, showcasing how it helps to counter cyber attacks, spam and risks of online social networking. The Agency also underlined EU Member States’ imbalances in addressing security threats at a media briefing in Brussels. ENISA concludes that Member States have a long way to go in safeguarding the e-economy. Europe should not wait for a ‘digital 9/11’, but instead reduce imbalances in national security approaches.

The Agency underlined the crucial importance of Network and Information Security (NIS) for the European economy, in particular in regards to the i2010 goals. Today, 30% of global trade is ‘digitally dependent’. Spam costs business about €64,5bn in 2007, double the 2005 figure (Source: Ferris). As only 6% of spam reaches mailboxes, the problem is perceived to be under control. However, it is growing in quantity, size and bandwidth and remains a costly problem, with 94 % of spam being the invisible part of the ‘iceberg’. The Agency highlighted its success in mitigating cyber attacks by supporting the set up of ‘Computer Emergency Response Teams’ (CERTs), akin to ‘digital fire brigades’. In 2005, only eight EU Member States had governmental CERTs, whereas in 2008 the number has almost doubled to 14, with ten more planned within the next one to two years.

The Agency is an Expert body, providing independent, expert advice to the EU and its Member States, in e.g. Risk Management/Assessment, Awareness Raising, security policies, resilience, etc.

Read entire article.

General Report 2007:

As far as I can see, luckily Belgium is on the list for a planned governmental CERT (see picture above). We formed a gap in the picture on the left. Kudos to the BELNET CERT team for handling as many cases as possible outside their constituency so far. Let's hope they will get the help they need.

The BlackHat 2008 USA Twitter page



You can now keep a close watch on the Blackhat USA 2008 event from their Twitter account.

"Setting up our first webinar to introduce some of the hot topics for BH USA 2008. It's scheduled for June 26 11am PST. More soon"
For those who didn't know, you can also follow a Twitter page through an RSS feed. You don't need to have a Twitter account.

Quote of the day




"You must do the thing you think you cannot do" -- Eleanor Roosevelt

Tuesday

Beware. A wide scale attack on Adobe Flash Player (updated)



ISC, Symantec and Dancho Danchev together have breaking news on a Flash zero-day vulnerability.

It's been a while since we've last witnessed malware attacks using zero day vulnerabilities, and the latest one exploiting a zero day in Adobe's flash player is definitely worth assessing. The current malware attack has been traced back to Chinese blackhats, who are using a zero day to infect users with password stealers, moreover, one of the domains serving the Adobe zero day has been sharing the same IP with four of the malware domains in the recent waves of massive SQL injection attacks, indicating this incident and the previous ones are connected.
He also gives a recommendation I have given before:
Consider blocking flash by using Flashblock for instance, until the issue is taken care of :

"Flashblock is an extension for the Mozilla, Firefox, and Netscape browsers that takes a pessimistic approach to dealing with Macromedia Flash content on a webpage and blocks ALL Flash content from loading. It then leaves placeholders on the webpage that allow you to click to download and then view the Flash content. "

It could have been worse, as "wasting a zero day exploit" affecting such ubiquitous player such as Adobe's flash player for infecting the end users with a rather average password stealer is better, than having had the exploit leaked to others who would have introduced their latest rootkits and banker malware.
Read the full analysis.

Proxy admins might consider filtering the "application/x-shockwave-flash" content type for the moment. For IE users, there is the possibility of using the kill bit to stop the Flash Player.

Q240797: How to Stop an ActiveX Control from Running in Internet Explorer
http://support.microsoft.com/default.aspx?scid=kb;en-us;q240797

Last but not least, block the domains wuqing17173.cn and woai117.cn, which are used in the attack. AV detection for the exploit is around 10% and for the trojans around 50%. Apply the patch as soon as it is released.

UPDATE: If you have deployed version 9.0.124.0, you are safe. Adobe provides a page where you can check for yourself. Symantec and ISC updated their information and no longer consider it a zero day.

Shadowserver has their own analysis which lists some other domains used in the attack.
tongji123.org
bb.wudiliuliang.com
user1.12-26.net
user1.12-27.net
ageofconans.net
lkjrc.cn
psp1111.cn
zuoyouweinan.com
user1.isee080.net
guccime.net
woai117.cn
wuqing17173.cn
dota11.cn
play0nlnie.com
0novel.com
So upgrade your Flash Player, and should a zero day be around the corner, the correct kill bit CLSID is BD96C556-65A3-11D0-983A-00C04FC29E36; for Firefox, use Flashblock.
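The kill bit mentioned above is a registry setting: KB240797 describes it as bit 0x400 of the "Compatibility Flags" DWORD stored under the ActiveX Compatibility key for the control's CLSID. The following Python is an added example (not code from the post or from Microsoft) that renders such a .reg entry and checks an exported .reg dump for it, so an admin can verify the bit really landed on a machine. It uses the CLSID quoted in the post as sample input; the export text is constructed. Before deploying a kill bit, confirm the CLSID against the vendor's or Microsoft's advisory, since a kill bit disables that control on every page.

```python
import re

# Values documented in Microsoft KB240797: the kill bit is bit 0x400 of the
# "Compatibility Flags" DWORD under this key, with the control's CLSID appended.
KILL_BIT = 0x400
KEY_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# A CLSID with or without braces, in any letter case.
CLSID_RE = re.compile(r"^\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?$")


def normalize_clsid(clsid):
    """Return the CLSID the way registry keys spell it: upper-case, in braces."""
    match = CLSID_RE.match(clsid.strip())
    if not match:
        raise ValueError("not a CLSID: %r" % clsid)
    return "{%s}" % match.group(1).upper()


def killbit_reg(clsid):
    """Render a .reg file that sets the kill bit for one ActiveX control."""
    key = KEY_PREFIX + "\\" + normalize_clsid(clsid)
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        "[%s]" % key,
        '"Compatibility Flags"=dword:%08x' % KILL_BIT,
        "",
    ]
    return "\r\n".join(lines)


def killbit_set(reg_text, clsid):
    """Check an exported .reg dump (e.g. from 'reg export') for the kill bit.

    True only if the control's key is present and its Compatibility Flags value
    has bit 0x400 set; a missing key or a cleared bit both yield False.
    """
    wanted_key = (KEY_PREFIX + "\\" + normalize_clsid(clsid)).upper()
    in_wanted_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_wanted_key = line[1:-1].upper() == wanted_key
            continue
        if in_wanted_key:
            match = re.match(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{1,8})$', line)
            if match:
                return bool(int(match.group(1), 16) & KILL_BIT)
    return False


# Constructed sample of a registry export: one control with the kill bit set,
# one (all-zero placeholder CLSID) without it.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD96C556-65A3-11D0-983A-00C04FC29E36}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000000}]
"Compatibility Flags"=dword:00000000
"""

if __name__ == "__main__":
    clsid = "BD96C556-65A3-11D0-983A-00C04FC29E36"
    print(killbit_reg(clsid))
    print("kill bit present in export:", killbit_set(SAMPLE_EXPORT, clsid))
```

Importing the rendered .reg file with regedit (or applying the same value with reg.exe) needs administrative rights; the check function works on any `reg export` of the ActiveX Compatibility key, including one collected from a remote machine.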


Monday

Free image resources for your presentations



Well, it's not only useful for presentations but also for your blog or website design. A good way to get rid of those overloaded bullet-point presentations is the use of images. But free images, especially good ones, are hard to find. You must be careful with just using any picture, because from the moment they are taken, they're copyrighted. To be truly safe, you need to find images with explicit licenses that give you the rights to use them (Creative Commons licenses being the most common these days). WebWorkerDaily provides us with some excellent resources:


Stock.XCHNG is the best site I know of for finding free stock photography - they’ve got over 350,000 free photos online at the moment. You can browse by category or search by keyword to find images you like, and just about any search I’ve tried has returned multiple high-quality images. The site’s default license agreement is very broad, making the bulk of the images safe to reuse, and their image browser is quick. This should be your first port of call when hunting images.

Flickr should be familiar to everyone, and it’s a good starting point for finding images that you can use. The key to using Flickr to find reusable photos is to go through the advanced search page. Here you can specify that you only want Creative Commons-licensed content returned, and further limit that to content you can use commercially, if that’s what you want.

A new site, compfight, manages to offer a better Flickr search than Flickr itself - at least, if your goal is to visually scan a lot of potential photos quickly. It uses the Flickr API, and lets you toggle Creative Commons search right under its search box. Results are returned on thumbnail pages, 250 to a page. If you find one you like, a click will get you to its Flickr page to check the licensing details.

Openphoto is a wiki-based photography site. Anyone can register and upload images. All images on the site are required to be under a Creative Commons license (Attribution-ShareAlike by default). As a user, you can browse or search by tags to find the photos that you want. Each image is very clearly marked with the required attribution information. One thing to watch out for: their search engine also returns images from the Dreamstime stock photography site, which are generally not free.

Stockvault is another site of free photos - though their terms of use specify free for non-commercial use only. You can search by keyword or browse through a category tree to see photos. Like Openphoto, they also include Dreamstime results in their searches.

The Flickr Related Tag Browser, from Airtight Interactive, is a sometimes-useful supplement to Flickr search. It lets you search for photos by tag, but crucially, it shows you related tags after the search. If you’re having trouble finding the images that you want, following the tag trails this way can help you hone in on ones that actually have a reasonable number of photos available.

I was already using the first two for my presentations, but I will definitely check out the others.


The Cisco Security Response: Rootkits on Cisco IOS Devices



At the EUSecWest security conference, Sebastian Muñiz presented rootkits for IOS (the Cisco router operating system):

Public rootkit implementations for Cisco IOS have not been seen and system administrators tend to think that this is not possible or that even being possible, a generic method could not be created and that a skilled attacker is needed to target them. We will present DIK (Da Ios rootKit), a real multi-architecture rootkit to show that real threats exist and that advanced IOS forensics are probably not enough to detect it.

No public IOS rootkit implementation has been publicly presented before and the techniques employed here are generic and could be easily used to implement other closed-source OS rootkits.

In response, Cisco has released an updated version of its Cisco Security Response: Rootkits on Cisco IOS Devices document.

Abstract from the document:

Cisco has analyzed the available information and recommends following industry best-practices to improve the security of all network devices. Specific recommendations are available in the Additional Information section of this Security Response.

Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports. We would like to thank Mr. Sebastian Muniz and Core Security Technologies for working with us towards the goal of keeping Cisco networks and the Internet, as a whole, secure.

Well, that's a very positive attitude. So don't forget to harden your routers and not only your servers.

Sunday

Presentations from the European OWASP Application Security Conference



Last week, the OWASP Security Conference was in Belgium. Unfortunately, I couldn't make the time to go. But the presentations are online. Not all of them are up yet, but they probably will be in the coming weeks.

Papers from Web 2.0 Security and Privacy Workshop



The papers for the Web 2.0 Security and Privacy workshop are now available, and can be found on the program page. Presentations should be online soon.

For a small review, visit the infosec events blog.

Abstract:

I enjoyed many of the talks, especially Collin Jackson and Adam Barth’s Beware of Finer-Grained Origins presentation, and of course Niels Provos’ All Your iFrames Point to Us keynote.

So were there any cool tools or resources announced at the workshop? I’m not sure about new releases, but there were a couple neat things.

5 Steps to Slide Design for Non-Designers

Ellen Finkelstein has a very interesting article on slideshare.net about 5 simple steps to improve the design of your presentations, and a way to cut down a bit on those bullet points.

1. Create a custom color scheme
2. Format the slide master
3. Choose a background
4. Tell ‘n’ show
5. Use simple layouts

Read the entire article for the details.

She made some example slides:


Friday

Brain Rules, The presentationzen slides

The author of Brain Rules has his own blog. I noticed that Garr Reynolds from Presentation Zen had a lot of praise for the book and made a slideshow similar to the one he did for Johnny Bunko, a career guide book. It's just beautifully done.

Garr Reynolds, author of "Presentation Zen," has a great post on his blog discussing the book: Brain Rules for PowerPoint & Keynote presenters.

Here's what Garr says about the book:

"Brain Rules is one of the most informative, engaging, and useful books of our time. Required reading for every educator and every business person. My favorite book of 2008!"


Above: here's a slide presentation Garr created based on some of the ideas in Brain Rules.

Thursday

A list of updated domains used in the SQL injection attacks



Shadowserver posted an interesting list of the domains used in the recent SQL injection attacks. You could simply monitor for any unauthorized changes to your website if you have change management and monitoring in place. Alternatively, you could use Google Alerts with some Google-fu like "site:www.mysite.be" in combination with other terms or domain names to keep track of unauthorized changes. Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your choice of query or topic. You can also use Google Alerts to track certain topics, as I do for "Storm Worm", for example. It could possibly be used to track black PR activities related to your company. Something to think about. But let's have a look at those domains.

Below is a list of domains used in the mass SQL injections that insert malicious javascript into websites. We've also included an approximate number of pages infected (according to Google). Note that these numbers decay with time. Some of these domains were injected long ago and have been cleaned. At their height, their numbers may have been larger.

Domain : Approx. infected pages (Google)
www.nihaorr1.com : 468,000
free.hostpinoy.info : 444,000
xprmn4u.info : 369,000
www.nmidahena.com : 140,000
winzipices.cn : 75,000
sb.5252.ws : 69,000
www.aspder.com : 62,000
www.11910.net : 47,000
bbs.jueduizuan.com : 44,000
www.bluell.cn : 44,000
www.2117966.net : 39,000
s.see9.us : 39,000
xvgaoke.cn : 33,000
1.hao929.cn : 20,000
www.414151.com : 17,000
cc.18dd.net : 15,000
yl18.net : 15,000
www.kisswow.com.cn : 13,000
urkb.net : 13,000
c.uc8010.com : 9500
rnmb.net : 7000
www.ririwow.cn : 6000
www.killwow1.cn : 4000
www.qiqigm.com : 3600
www.wowgm1.cn : 3500
www.wowyeye.cn : 2800
9i5t.cn : 2500
computershello.cn : 2300
www.z008.net : 1600
b15.3322.org : 1200
www.direct84.com : 1100
www.caocaowow.cn : 900
www.qiuxuegm.com : 800
firestnamestea.cn : 700
%61%2E%6B%61%34%37%2E%75%73 (a.ka47.us) : 600
%61%31%38%38%2E%77%73 (a188.ws) : 500
www.qiqi111.cn : 230
www.banner82.com : 90
smeisp.cn : 85
okey123.cn : 55
www.nihao112.com : 45
al.99.vc : 45
www.aidushu.net : 45
www.chliyi.com : 40
free.edivid.info : 40
52-o.cn : 40
www.fucksb.net : 40
www60.actualization.cn : 40
d39.6600.org : 40
h28.8800.org : 34
ucmal.com : 30
t.uc8010.com : 30
www.dota11.cn : 25
bc0.cn : 20
%33%2E%74%72%6F%6A%61%6E%38%2E%63%6F%6D (3.trojan8.com) : 20
www.adword71.com : 17
killpp.cn : 16
w11.6600.org : 13
usuc.us : 13
www.msshamof.com : 10
newasp.com.cn : 7
www.wowgm2.cn : 8
mm.jsjwh.com.cn : 8
17ge.cn : 4
www.adword72.com : 2
www.117275.cn : 1
vb008.cn : ?
www.wow112.cn : ?
www.nihaoel3.com
The list might not be that useful anymore, but it gives a nice idea of the number of websites affected. Since the attackers stay very dynamic and make use of fast-flux DNS, they have already moved to some new domains. Thanks to Dancho Danchev for providing them.
The botnet masters behind Asprox are converging tactics already, by fast-fluxing the SQL injected domains. Related URLs for this campaign :

banner82.com
dll64.com
aspx88.com
bank11.net

cookie68.com

exportpe.net


Read the complete assessment - Fast-Fluxing SQL Injection Attacks Executed from the Asprox Botnet, and go through previous posts related to the botnet as well - Phishing Emails Generating Botnet Scaling; Inside a Botnet's Phishing Activities; Fake Yahoo Greetings Malware Campaign Circulate
If you have some original Google search terms to keep track of 'security events', feel free to share them.
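Two things make the lists above awkward to use directly: some entries are percent-encoded (the attackers' script tags were injected that way, and a browser decodes them), and the same hostname shows up with and without a leading "www.". The Python below is an added example, not code from the post or from Shadowserver: it normalizes a small constructed excerpt of the listed domains (the Flash-attack domains in the earlier post can be fed in the same way), then scans HTML fragments, such as rows dumped from a CMS content table, for script tags that load from any listed host. The sample rows are constructed.

```python
import re
from urllib.parse import unquote

# Constructed excerpt of the list above; percent-encoded entries kept as
# published. A real run would read the full list from a file.
RAW_DOMAINS = [
    "www.nihaorr1.com",
    "www.nmidahena.com",
    "%61%2E%6B%61%34%37%2E%75%73",                # decodes to a.ka47.us
    "%33%2E%74%72%6F%6A%61%6E%38%2E%63%6F%6D",    # decodes to 3.trojan8.com
    "banner82.com",
]


def normalize_host(raw):
    """Percent-decode, lower-case, drop a trailing dot and a leading 'www.'."""
    host = unquote(raw).strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


BAD_HOSTS = frozenset(normalize_host(d) for d in RAW_DOMAINS)

# <script ... src=VALUE ...>, with or without quotes, any letter case.
SCRIPT_SRC_RE = re.compile(r"<script[^>]*?\ssrc\s*=\s*['\"]?([^'\"\s>]+)", re.IGNORECASE)
# Host part of an absolute or protocol-relative URL (still percent-encoded).
HOST_RE = re.compile(r"^(?:https?:)?//([^/:?#]+)", re.IGNORECASE)


def extract_script_hosts(text):
    """Normalized hosts referenced by <script src=...> tags in an HTML fragment."""
    hosts = []
    for src in SCRIPT_SRC_RE.findall(text):
        match = HOST_RE.match(src)
        if match:
            hosts.append(normalize_host(match.group(1)))
    return hosts


def is_listed(host):
    """Exact match or a subdomain of a listed host."""
    return host in BAD_HOSTS or any(host.endswith("." + bad) for bad in BAD_HOSTS)


def find_injected(text):
    """Sorted listed hosts that a page or database field loads scripts from."""
    return sorted({h for h in extract_script_hosts(text) if is_listed(h)})


# Constructed rows, as they might be dumped from a CMS content table.
SAMPLE_ROWS = [
    ("product 1", "Nice widget <script src=http://www.nihaorr1.com/1.js></script>"),
    ("product 2", "Plain description with no script"),
    ("product 3", "<SCRIPT SRC='http://%61%2E%6B%61%34%37%2E%75%73/b.js'></SCRIPT>"),
    ("product 4", '<script src="https://cdn.example.org/app.js"></script>'),
]


def scan_rows(rows):
    """Map row id -> listed hosts found, for rows that reference any."""
    hits = {}
    for row_id, text in rows:
        found = find_injected(text)
        if found:
            hits[row_id] = found
    return hits


if __name__ == "__main__":
    for row_id, hosts in scan_rows(SAMPLE_ROWS).items():
        print("%s: loads script from %s" % (row_id, ", ".join(hosts)))
```

Because the match is done on the decoded host, an injected tag that percent-encodes the hostname is caught just like a plain one; the subdomain check catches the "www."/bare pairs that appear in the list without listing each variant twice.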


Cisco and the Golden shield project



A few days ago, we had a little discussion about project "Golden Shield", a mass surveillance system. Just yesterday, Wired had an article about Golden shield and a leaked presentation about Cisco.

From Wired.com:

An internal Cisco document (.pdf) leaked to reporters on the eve of a Senate human rights hearing reveals that Cisco engineers regarded the Chinese government's rigid internet censorship program as an opportunity to do more business with the repressive regime.

The 90-page document is an internal presentation that Cisco engineers and staffers in China mulled over in 2002 as the central government was upgrading its local, state and provincial public safety and security network infrastructure. Under the category "Cisco Opportunities," the document provides bullet point suggestions for how it might service China's censorship system called the "Golden Shield", and better known in the West as the Great Firewall of China.

Read full article.

And to not give the wrong impression of Cisco, another small abstract from the article:

One of Golden Shield's stated goals in the Cisco presentation was to "combat 'Falun Gong' evil religion and other hostiles," -- a statement that was attributed to Runsen Li, the Chinese government information technology chief in charge of developing the project.

Mark Chandler, Cisco's senior vice president of legal services, said during the Tuesday Senate hearing that he was "appalled" and "disappointed" when he saw that quote in the presentation.

"It is very regrettable that one of our engineers quoted directly from Mr. Runsen Li, the Chinese government's head of IT for the Golden Shield project in this internal presentation," said Terry Alberstein, a senior director of corporate communications at Cisco. "They do not represent Cisco's views, principles or its sales and marketing strategy or approach. They were merely inserted in that presentation to capture the goals of the Chinese government in that specific project, which was one of many discussed in that 2002 presentation."

I had a look at the presentation and there are some positive things that can be achieved through the deployment of surveillance and communication systems. It all depends on the wielder and whether there will be someone watching the watchers. I wonder if it will be used to tackle cybercrime?

Wednesday

The problem about stored procedures and SQL injections



With all the SQL injection attacks, it might be interesting to cover this topic a bit more. The Security Development Lifecycle blog has a nice post by Michael Howard on a couple of simple steps to help mitigate SQL injection attacks: simple steps that are effective because they reduce the attack vectors. Specifically:

- Don't allow create/modify procedure permissions
- Use a dedicated, non-admin database user account
- Don't use external stored procedures

Read the full post.

UPDATE: From Zero Day:

Ferruh Mavituna of Portcullis released a whitepaper entitled “DoS Attacks Using SQL Wildcards”, with some insightful comments on how it’s possible to multiply the attack tactics discussed to the point where not even a botnet would be needed to successfully accomplish them.

Tuesday

The discussion about the Hackersafe logo



Nate McFeters kicks the discussion into gear over at ZDNet: the Hackersafe certification.

There are some more interesting links over at 0x000000.com:

http://www.0x000000.com/?i=573
http://www.0x000000.com/?i=574

Relying on automated scanning alone does not guarantee that your site is "Hackersafe".

Risky business; podcast covering the AusCERT 08 conference



Check out the Risky Business AusCERT '08 podcast covering this conference.

Subscribe via RSS/Podcatcher.

Some examples:

PRESENTATION: Shadowserver Foundation
INTERVIEW: Microsoft’s Security Intelligence Report…
INTERVIEW: AusCERT’s home user security survey…

Monday

Call for Papers Hack.lu 2008 (update)



UPDATE: Changed to the correct logo with the correct date 22-24 October!!!

Support an excellent, small but cozy conference:

*Call for Papers Hack.lu 2008*

The purpose of the hack.lu convention is to give an open and free playground
where people can discuss the implication of new technologies in society.
hack.lu is a balanced mix convention where technical and non-technical
people can meet each other and share freely all kinds of information.

The convention will be held in the Grand-Duchy of Luxembourg in October 2008
(22-24.10.2008).

Scope
======

Topics of interest include, but are not limited to :

* Software Engineering and Security
* Honeypots/Honeynets
* Spyware, Phishing and Botnets (Distributed attacks)
* Newly discovered vulnerabilities in software and hardware
* Electronic/Digital Privacy
* Wireless Network and Security
* Attacks on Information Systems and/or Digital Information Storage
* Electronic Voting
* Free Software and Security
* Assessment of Computer, Electronic Devices and Information Systems
* Standards for Information Security
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Network security
* Forensics and Anti-Forensics
* Mobile communications security and vulnerabilities

Deadlines
=========

The following dates are important if you want to participate in the CfP:

Abstract submission : no later than 1 July 2008
Full paper submission : no later than 1st August 2008
Notification date : around end of August

Submission guideline (for standard paper track)
====================

Authors should submit a paper in English up to 5.000 words, using a
non-proprietary and open electronic format.

The program committee will review all papers and the author of each paper
will be notified of the result, by electronic means.

The abstract is up to 400 words. Submissions must be sent via the
http://www.hack.lu/ website.

Submissions should also include the following:

1. Presenter, and geographical location (country of origin/passport) and
contact info.
2. Employer and/or affiliations.
3. Brief biography, list of publications or papers.
4. Any significant presentation and/or educational experience/background.
5. Reason why this material is innovative or significant or an important
tutorial.
6. Optionally, any samples of prepared material or outlines ready.
7. Information about whether the submission has already been presented
and where.

The information will be used only for the sole purpose of the
hack.lu convention, including the information on the public website.

If you want to remain anonymous, you have the right to use a nickname.

(Accepted) Speakers' Privileges
====================

* Accommodation will be provided (3 nights)
* Travel expenses will be covered
* Conference speakers night

Publication and rights
======================

Authors keep the full rights on their publication/papers but give an
unrestricted right to redistribute their papers for the hack.lu convention
and its related electronic/paper publication.

Sponsoring
==========

If you want to support the initiative and gain visibility by sponsoring,
please contact us by writing an e-mail to info(AT)hack.lu

Web site
======

http://www.hack.lu/

Barcamp and interactive session
====================

During the conference, there is a continuous interactive session. You are
also very welcome to participate by submitting small ideas, a presentation or
a poster. The review process is simplified and open to anyone willing to take
an active role during the conference. You can submit your proposal for the
barcamp using the same web interface, but you don't need to submit a full
paper.

Submissions are done via the hack.lu website (http://www.hack.lu/)

Start here to submit a paper to this conference: step one of the submission
process <http://www.hack.lu/index.php/hl/2008/presenter/submit?requiresPresenter=1>

The hack.lu conference is organized by the ASBL CSRRT-LU (Computer Security
Research and Response Team Luxembourg)
PS: Thanks Didier for noticing the logo error

Quote of the day



"Everybody can make something complicated,
what's hard is to make something simple."

China's golden shield, a citizen mass surveillance system



I caught this over at Slashdot. This goes a bit further than the Great Firewall of China and makes other mass surveillance look pale in comparison. An interesting (and scary) read:

China's Golden Shield: Corporations and the Development of Surveillance Technology in the People's Republic of China.

Executive Summary

China today faces a very modern paradox. On one side, the government understands that information technologies are the engine driving the global economy, and that Chinese economic growth will depend in large measure on the extent to which the country is integrated with the global information infrastructure. At the same time, however, China is an authoritarian, single-party state. Continued social stability relies on the suppression of anti-government activities. To state the problem simply, political control is dependent on economic growth and economic growth requires the modernization of information technologies, which in turn, have the potential to undermine political control.

The "Great Firewall of China" is failing, largely due to the increased volume of Internet traffic in China. The government knows that it can no longer hope to filter out all "objectionable" material before it enters China’s networks; and so, faced with these contradictory forces of openness and control, China is seeking to strike a balance between the information-related needs of economic modernization and the security requirements of internal stability. In seeking to reach this balance, the Chinese state has found an extraordinary ally in private telecommunications firms located primarily in Western countries. Many companies, including notably Nortel Networks, until recently Canada’s largest firm, are playing key roles in meeting the security needs of the Chinese government. Nortel Networks and other international firms are in effect helping China to displace the firewall it constructed at the international gateway with a more sophisticated system of content filtration at the individual level.

Old style censorship is being replaced with a massive, ubiquitous architecture of surveillance: the Golden Shield. Ultimately the aim is to integrate a gigantic online database with an all-encompassing surveillance network – incorporating speech and face recognition, closed-circuit television, smart cards, credit records, and Internet surveillance technologies. This has been facilitated by the standardization of telecommunications equipment to facilitate electronic surveillance, an ambitious project led by the Federal Bureau of Investigation (FBI) in the US, and now adopted as an international standard.

Many people in China have been arrested for Internet-related "crimes," ranging from supplying e-mail addresses to Internet publications to circulating pro-democratic information or articles that are critical of the Chinese government, in blatant contradiction of international human rights law guaranteeing freedom of speech. Charges are typically "subversion" or "threatening to overthrow the government" as the line between criminal activity and the exercise of freedom of speech is non-existent in China. The development of this new all-encompassing architecture of electronic surveillance will make the lives of such courageous activists even more difficult.

In November 2000, 300 companies from over 16 countries attended a trade show in Beijing called Security China 2000. Among the organizers was the "Chinese Communist Party Central Committee Commission for the Comprehensive Management of Social Security." A central feature of the show was the Golden Shield project, launched to promote "the adoption of advanced information and communication technology to strengthen central police control, responsiveness, and crime combating capacity, so as to improve the efficiency and effectiveness of police work." China’s security apparatus announced an ambitious plan: to build a nationwide digital surveillance network, linking national, regional and local security agencies with a panoptic web of surveillance. Beijing envisions the Golden Shield as a database-driven remote surveillance system – offering immediate access to records on every citizen in China, while linking to vast networks of cameras designed to increase police efficiency.

In order to make the Golden Shield a reality, the Chinese government is dependent upon the technological expertise and investment of Western companies. Canada’s Nortel Networks is playing a key role in these developments as witnessed by:

-- its joint research with Tsinghua University on specific forms of speech recognition technology, for the purpose of automated surveillance of telephone conversations;

-- its strong and early support for FBI plans to develop a common standard to intercept telephone communications, known as CALEA, in conjunction with technology transfer through its joint venture, Guangdong Nortel (GDNT);

-- its close relationship with Datang Telecom, a Chinese firm with substantial interests in the state security market in China;

-- the promotion of JungleMUX which allows video surveillance data to be transported from remote cameras back to a centralized surveillance point to the Chinese Ministry of Public Security (MPS);

-- the deployment of its "Personal Internet" suite in Shanghai, greatly enhancing the ability of Internet service providers to track the communications of individual users;

-- a US$10 million project to build a citywide fibre-optic broadband network in Shanghai (OPTera) enabling central authorities to monitor the interests of subscribers at the "edge" of the network, principally through the Shasta 5000 firewall, in direct conflict with the right to privacy. This technology will also make it more difficult for dissidents to have clandestine communications and facilitate police monitoring of Internet users attempting to access URLs not judged appropriate by the Chinese government;

-- the integration of face recognition and voice recognition technology in collaboration with AcSys Biometrics, a subsidiary of Burlington, Ontario-based NEXUS. (2)

Many other Western firms have been involved in the development of a repressive state security apparatus through the following developments:

-- a nationwide database containing information on all adult Chinese citizens;

-- smart cards for all citizens which can be scanned without the owner’s knowledge at a distance of a few metres;

-- closed-circuit television to monitor public spaces;

-- technology which allows the Public Security Bureau to make instant comparisons of fingerprints;

-- development of firewalls in China.

The self-interested high-tech discourse promises that new information and telecommunication technologies are inherently democratic and will foster openness wherever they are used. China’s Golden Shield: Corporations and the Development of Surveillance Technology in the People’s Republic of China debunks this myth. Technology is embedded in a social context and, in this report, it has been shown to bolster repression in a one-party state in the name of expanding markets and exponential profits.

Read the entire document here.

On the subject of tracking people: most of us don't realize, or don't care, that we can be tracked simply by carrying a cellphone. Some of us get worked up about CCTV or RFID, yet we carry our GSM phones around anyway and never switch them off. Nothing new there, but what is new is that the same signal can now also be used to track you inside buildings:
"According to an article from the Times, customers in shopping centers are having their every move tracked. Using cellphone signals, the system can tell when people enter the center, how long they stay in a particular shop, and what route each customer takes. The system works by monitoring the signals produced by mobile handsets and then locating the phone by triangulation."
The particular tracking device described by the article is made by an English company called Path Intelligence.
Yes yes, I admit visiting the Mediamarket every week staring at that 80" LCD TV. ;-)

Using twitter to guard your house



I caught this over at lifehacker: Get Twitter Notifications From a Motion-Detecting Webcam. If you are a heavy twitter user, this might be interesting. I wouldn't suggest this for corporate use. ;-)

Linux only: One intrepid Ubuntu user has written up a nifty tutorial on using a webcam tool available in the standard repositories, motion, to turn a standard webcam into a motion-detecting security system. Once the camera sees something large enough move as to be suspicious, a custom script written by the blogger sends a notification to you through your Twitter account. It might not be the most reliable theft or home invasion prevention tool, but it could offer insight into when your roommates are invading your space or whether someone's using your laptop when they shouldn't be. The tutorial requires some command line work, but it's spelled out and explained pretty thoroughly.
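As an added example, and not the tutorial's own script nor anything from the motion project: the piece most of these setups forget is rate limiting, so one cat pacing the room does not turn into fifty notifications. The hook below is meant to be wired to motion's `on_event_start` option; the `motion_notify` function, the state directory and the `NOTIFY_CMD`/`MOTION_LOG` variables are my own assumptions, and the default notifier only appends to a local log file where the tutorial would post to Twitter.

```shell
#!/bin/sh
# Added example (not from the tutorial or the motion project): a rate-limited
# on_event_start hook for motion.
# Assumptions: POSIX sh with date(1); NOTIFY_CMD is a hypothetical hook
# (default: append to a log file) standing in for the Twitter post.
#
# motion.conf would reference it as (path is illustrative):
#   on_event_start /usr/local/bin/motion-notify.sh %t

# motion_notify EVENT_TAG STATE_DIR MIN_INTERVAL [NOW]
#   Sends at most one notification per MIN_INTERVAL seconds; events inside
#   the window are suppressed. NOW (epoch seconds) may be supplied for
#   testing and defaults to the current time. Prints "sent" or "suppressed".
motion_notify() {
    tag=$1
    state_dir=$2
    min_interval=$3
    now=${4:-$(date +%s)}
    stamp="$state_dir/last_notification"
    mkdir -p "$state_dir"

    last=0
    if [ -f "$stamp" ]; then
        last=$(cat "$stamp")
    fi

    if [ $((now - last)) -lt "$min_interval" ]; then
        echo "suppressed"
        return 0
    fi

    # Record the timestamp before notifying: if the notifier hangs or fails,
    # the next event does not immediately fire again.
    echo "$now" > "$stamp"
    ${NOTIFY_CMD:-motion_default_notify} "motion detected (event $tag) at $now"
    echo "sent"
}

# motion_default_notify MESSAGE
#   Stand-in for the real notifier: append the message to a local log file,
#   $MOTION_LOG (defaults to /tmp/motion-notify.log).
motion_default_notify() {
    echo "$1" >> "${MOTION_LOG:-/tmp/motion-notify.log}"
}
```

Set `NOTIFY_CMD` to whatever actually delivers the message (the tutorial's Twitter script, a mail command); keeping the delivery step separate from the throttling also means the credentials for that service never have to live in the hook itself.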

Another example of Black PR



In What is Black PR? A tour of the black arts, we had an introduction to this topic. The example in the previous post was British Airways against Virgin. Guestblogger Sam Aldis over at Spinhunters.org describes some methods that may be used to send a targeted company into liquidation:

Attacking The Stocks

You don’t have to break into a stock market website because the security can be very high. The best way to send your target company into liquidation is to get access to their news server (i.e. be able to post news). With access to this and the right to post news, the attack can then affect the stocks by posting bad news about the company or predictions about what’s going to happen. That will be followed by a mass selling of stocks and the company will lose money and eventually be forced into liquidation. This will work even better if news items are posted to an RSS feed which is checked by people who own stocks or shares of the targeted company.

Attacking the Internals

If you are able to gain access to the Intranet or internal network of the company you might be able to change important information such as inflow and outflow sheets as well as cash flow forecasts in such a way that the company will use them to make decisions that will eventually force it into liquidation.

You may also be able to gain access to a list of current customers and send emails/snail mail to them with bad/incorrect information about the company which will make them choose to use a different company. This will also eventually close the company down. Finally, if you are able to get access to the password for a Skype or other VoIP service then you might be able to place a phone call to a local newspaper with some incorrect information that will be damaging to the company when published.

Attacking the Cloud

If none of the above methods are possible then it is possible to leak false information into the cloud (the Internet). This can be done in several ways. The following list contains some of them:

  • Sending an email pretending to be an employee of the company and giving information that will discredit the company.
  • Posting information about the company to your own blog/website if it has a good PR (page rank).
  • Spreading rumors on social networks and other communication media on the Internet.

All of them can be done in an automatic manner.

So, will your security policy or firewall protect you against this? I think that this can have far more impact than a security incident. Data loss and brand damage remain a disputed topic.

Using images to support your speech

It's only a commercial but I liked how the images supported the speech and didn't take away the focus from the presenter. No text (or little), images!!! (thanks for the tip Garr)



But this is impossible to integrate in a presentation you say? Let's have a look at Inbox Zero below. If you want to see him present it, here is the video. (yes, 58 minutes with only 26 slides). Just watch it if you want tips on how to manage your mailbox.



Have a look at some other examples here.


Sunday

Another 2 new members for the Belgian Security Blognetwork



I'm happy to announce two members to the Belgian Security Blognetwork (RSS feed): Wim Remes from www.remes-it.be and Tom Van den Eynde from vandeneynde.net.

Let's introduce Wim:

I am a people-driven professional in the field of Information Security. While network packets, secure server configuration, application auditing, process evaluation and security management make me tick, working with people is what makes me grow. Both as a person and as a professional.

My main focus lies in planning, designing and implementing secure network configurations (LAN, WAN & Perimeter), Information Security Audit (Technical & Administrative) and security analysis.

And let's introduce Tom:

Tom Van den Eynde graduated as an Industrial Engineer specialized in ICT (2003) from the De Nayer Institute. He started his career as a product manager in the hardware distribution sector, but being bitten by the information security virus he looks for opportunities to soon reorient his career.
In 2004, he started as a security engineer with C-CURE, a Belgian company specialized in design, implementation and management of corporate perimeters and internal networks. In this position he continued to heavily specialize in IT security and networking.
Today, he is a security consultant at C-CURE, who handles a number of managed customers, leads C-CURE’s service desk team, designs and implements security solutions and provides trusted advice for C-CURE’s customers. Besides a number of product certifications, he holds a CISSP and SANS GCIH certification.

So guys, I finally had the time to update our aggregated feed, so start to update those blogs!!! We're happy that you joined the club. ;-)

If you have a security blog and you want to join our feed, just drop me a message. So now, who is the first to join me on twitter?


Saturday

The Belgian iPhone introduction and some new security tips



Nearly a year after the first (US) introduction of the iPhone, Mobistar, the Belgian subsidiary of France Telecom, will sell the iPhone in Belgium. See their press release. Is this really hot news or not? Well, a recent survey shows that there were already 15.000 iPhones in use in Belgium. Some unconfirmed reports even talk about 40.000.

These are of course imported jailbroken phones. The big difference is that these unlocked phones lose all their warranty and Apple warns us that jailbreaking them will damage the phone. Although I seriously doubt that last part.

The real launch date is still somewhat unclear. Only "somewhere later this year" was mentioned. But next month, the 3G model is rumored to be released. The big question is, which will be the one launched in Belgium? Releasing an older model in Belgium, combined with the dollar exchange rate will only drive the grey import further.

The truth is that all these 'hacked' iPhones are inherently less secure. With all those unofficial applications that can be installed, there is a higher risk that insecure software ends up on the phone, especially versions that do not use secure protocols when talking to the internet (gmail, twitter, browsing, ...). Features against functionality, I guess.

There are some other remarks on the security of the iPhone (or other smartphones for that matter) that can be made.

The first is the list of wifi networks it remembers. Your iPhone will connect to any other access point with the same SSID, unless the network you joined was an encrypted one. Hopefully, you're not using an unencrypted wireless network at home.
The names of 'open' hotspots are another matter. Your iPhone will automatically connect if the name matches a previously joined network (SSID). This can allow for a Man in the Middle Attack (also see Evil Twin). You can mitigate this by using the VPN function of your iPhone. (I feel a tutorial coming up)

A second topic we haven't discussed yet is secure deletion. If you want to delete any private information, a firmware restore or 'erase all content' is not enough. You can use the following steps to delete your information.

  1. Go to Settings, General, Reset, and choose Erase All Content and Settings.
  2. Make an SSH connection to your iPhone, create a folder in '/' (root) and in '/var', and upload files until the storage is full.
  3. Restore the iPhone through iTunes.
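
As an added illustration of the filling step, and not something from the original post: a small POSIX shell script that writes random data into a directory until the filesystem reports it is full, then removes the filler so the volume is usable again. The function names and the optional size cap (there so the routine can be exercised on a test directory without filling a real disk) are my own assumptions; on a jailbroken iPhone you would run it once under '/' and once under '/var', the two mount points named above.

```shell
#!/bin/sh
# Added example (not from the original post): overwrite the free space of a
# volume with random data so that remnants of deleted files are gone before
# the firmware restore.
# Assumptions: a POSIX sh with dd, mkdir, rm and /dev/urandom; the directory
# argument and the optional MAX_MB cap are illustrative parameters.

# fill_free_space DIR [MAX_MB]
#   Writes 1 MiB files of random bytes into DIR until dd fails (normally
#   "No space left on device"), or until MAX_MB megabytes have been written
#   when a cap is given. Prints the number of megabytes written.
fill_free_space() {
    dir=$1
    max_mb=${2:-0}          # 0 means: stop only when the filesystem is full
    mkdir -p "$dir" || return 1
    written=0
    while :; do
        if [ "$max_mb" -gt 0 ] && [ "$written" -ge "$max_mb" ]; then
            break
        fi
        # One file per megabyte keeps each write small and makes progress
        # visible; dd exits non-zero once the device is full.
        if ! dd if=/dev/urandom of="$dir/fill.$written" bs=1048576 count=1 2>/dev/null; then
            break
        fi
        written=$((written + 1))
    done
    sync
    echo "$written"
}

# wipe_free_space DIR [MAX_MB]
#   Fill the volume, then delete the filler again. The blocks that used to
#   hold old file contents now contain random bytes. Prints the megabytes
#   that were written.
wipe_free_space() {
    n=$(fill_free_space "$1" "$2") || return 1
    rm -f "$1"/fill.*
    echo "$n"
}
```

Two caveats worth keeping in mind: random bytes are preferable to zeros because a run of zeros is trivially distinguishable from real data, and flash storage with wear levelling may keep stale copies of blocks in cells the filesystem cannot reach, so overwriting through the filesystem is a best effort rather than a guarantee.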

This week, at Intel's 40th anniversary, the local director mentioned that the next iPhone will feature the Intel Atom processor, their very small and low-power processor.
The previous version carried an ARM processor. The bad news of this move is that exploits for the i386 processor would then also work directly on the iPhone.

So that's all the iPhone news and tips for now. How long will it take before our C-level managers demand that we sync their information with their PC? Just keep an eye on the release of the 2.0 version with its enterprise (security) features.
