Irregular Expressions


December 16, 2010  1:07 PM

Cyber attacks



Posted by: Dan O'Connor
cyber attack, georga cyber attacks, wikileaks

http://213.251.145.96/cable/2007/06/07TALLINN375.html

This is one of the best cables I have seen in the wikileaks mess and in itself is worth reading about the cyber preparedness of Georgia during the invasion and cyber attack.  They make some good points that everyone involved in the defense was able to work well together and there was little bureaucracy stopping them.

December 16, 2010  1:05 PM

The happenings of wikileaks – Part 2



Posted by: Dan O'Connor
wikileaks

From what I have seen and what I have been able to read, I am starting to doubt what is being said about charging him with espionage. Everything that I can find says that it will be nearly impossible to make that charge stick.

The key points were that he needed to be involved with the thief, directly no. But I guess I could see an indirect argument that he provided a place for the stolen material to be stored.  But along that line, this could have been sent anywhere to any news organization.

Also that he knew that this was going to cause damage, and there are several quotes from members of the US gov saying that this will not.

So it looks to me like that will be as hard as making food stick to a Teflon pan.


December 14, 2010  1:45 PM

The happenings of wikileaks – Part 1



Posted by: Dan O'Connor
legal, wikileaks

So I have been following what has been going on with the release of the documents by wikileaks and the backlash from the US gov.  I am still waiting for the extradition request to be sent in to have Mr. Assange sent to the US.

I am not sure that will be happening. I am not a legal expert, but I have been trying to research what I can about what they will charge him with.  The leading charge that seems to be what they will use is espionage, although everything I can find about the law and what other legal experts are saying is that this will be extremely difficult to do.


December 14, 2010  11:38 AM

What not to do



Posted by: Dan O'Connor
4chan, gawker

http://blogs.forbes.com/firewall/2010/12/13/the-lessons-of-gawkers-security-mess/

It’s always good to know what not to do during an incident.

Here is the link to the torrent on piratebay.

http://thepiratebay.org/torrent/6036819/Gawker_Sites_Hacked_Databases__amp__More

It’s important before you have an issue like this to have a plan to deal with the media, this includes deciding if you should say anything at all or say everything.

The worst thing to do is say something before all the facts are in; it can create a sense of distrust, especially when you are reporting that accounts have been or not been compromised.  Also, taunting a hacker group like 4chan is never really going to work out well for you in the end.


November 30, 2010  5:11 PM

P2P DNS?



Posted by: Dan O'Connor
links

Really?

I guess it’s kinda neat.

http://news.yahoo.com/s/digitaltrends/20101130/tc_digitaltrends/piratebaycofounderproposespeertopeerdns


November 30, 2010  5:01 PM

Stuxnet specifics – Part 2



Posted by: Dan O'Connor
malware, Stuxnet

So what else did it have?

Two command and control servers, both were gone within 24 hours of the worm's discovery.

During the initial release of the information the sites carrying the information came under a denial of service attack for 24 hours, so whoever was running the network had time to clean up.

So with all of this, I think whoever ran this got what they wanted out of it, more time would have been great. You can’t expect it not to be found and I think 24 months is a pretty good run for something like this, so 18 out of 24 is not bad at all.

Is this the first time weaponized software has been used?
I can’t think that is true at all, sure it’s the first time it’s been found but I would think something previously developed could be remotely wiped to try and avoid study and detection.


November 30, 2010  4:50 PM

A few more Stuxnet specifics – Part 1



Posted by: Dan O'Connor
malware

So I have been doing a little more reading about stuxnet and I have some interesting details that I have collected.

What is known is that stuxnet has the ability to jump between machines using removable media. If you read into that, it makes you think that whatever it was targeting was something not connected to the internet. This can leave a short list of possible targets.

It had four zero-day attacks as a method of infection, I can’t recall a single variant of worm or virus having that kind of firepower.

Its code was signed! Ta-da, it had not one but two digital certificates that were stolen to have its code trusted by the OS.

It targeted two specific SCADA systems, one built by Siemens and the other by an Iranian company.

Once it starts targeting them it messes around with the speed of the centrifuges, running them either way too fast or almost not at all, while hiding this from the command and control infrastructure displays.


November 28, 2010  11:16 PM

Windows UAC by-pass



Posted by: Dan O'Connor
ms, uac, vulnerabilities

I have been reading about this for a little while, but this one takes the cake.

http://www.pcworld.com/article/211765/microsoft_downplays_nightmare_windows_kernel_flaw.html

MS is downplaying the severity of the vulnerability because it's not a remote vulnerability in itself and would have to be combined with another vulnerability.

That’s kinda disturbing, it's not like it’s hard to come up with remote execution code for Windows-based systems, I bet there has been at least one every two months for who knows how long.

Read it yourself and come up with your own opinion.

Enjoy.


November 28, 2010  7:36 PM

HTTPS Everywhere!



Posted by: Dan O'Connor
hotmail, https, links

Well it’s not babies everywhere ( http://www.youtube.com/watch?v=Y6rE0EakhG8 ) but I think this is even better!

https://www.eff.org/https-everywhere

This is a great add-on to get your https in places that won't allow you to get it by default. ( I have seen some that want to charge to put that “s” in there for you, bad bad bad )

Now you can have your cake and eat it too!

This will be useful for the new hotmail privacy settings that won't let your basic account have https by default.

Enjoy.


November 27, 2010  1:31 AM

More Stuxnet news



Posted by: Dan O'Connor
links

I still have an intense interest in stuxnet.

Here is a little more information about the worm, more of what it was targeting, and information about the current work being done on it.

http://www.symantec.com/connect/blogs/stuxnet-breakthrough

