Irregular Expressions

November 29, 2012  10:29 PM

Syria Internet Blackout

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Earlier today (Nov 29) Syria fell off the Internet, as if someone pulled a large kill switch. Syria is reporting that it was not them, but the rebels that did it and they are working to restore the services. I am not sure how that story will fly, Syria already has a history of pulling the plug at various times. This is the first time that it has happened to such a large area and for such a extend period of time.

Also what does not seem to match the story is the straggler networks that stayed up for some time after the main kill switch was thrown.

Over the last year it appears that mass censorship of the internet is becoming the norm.

November 29, 2012  10:16 PM

Recycling when you should not

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

I am not sure how something like this comes together to happen.

It appears that some people with sharp eyes checked out some of the confetti at the Macy’s parade and noticed that they were still readable and that it was information that should not be still readable.

Macy’s has reported that it does not use shredded paper, so now the hunt is on to try and figure out where this came from.

November 29, 2012  10:04 PM

Internet Control – Part 2

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

I thought it worth pointing out a few things in the draft document of note that many will find issue with.

1) “The draft document has for example a clause that proposes to grant all national authorities the right to impose taxes on all incoming and outgoing telecommunications traffic and internet traffic termination fees.”

2) “A draft of the proposal, formulated in secret and only recently posted on the ITU website for public perusal, reveal that if accepted, the changes would allow government restriction or blocking of information disseminated via the internet and create a global regime of monitoring internet communications – including the demand that those who send and receive information identify themselves.

It would also allow governments to shut down the internet if there is the belief that it may interfere in the internal affairs of other states or that information of a sensitive nature might be shared.”

The issue of taxation is an quite a concept on the operation of a communications network like the Internet. I think more concerning is the ability for government to shut down the communications and forcing individuals to identify themselves.

We have also seen some of this behavior in other countries, Iran, Syria, or the great firewall of China. Implementation of things like this I would consider step backwards. This would have serious implications on the ability of people to communicate.

It’s also worth noting that the US has this ability too.

November 29, 2012  9:49 PM

Internet Control

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

If you have not already seen this, the control of the Internet will be decided in the very near future.

Currently the closest thing to an organization of being in charge of the internet is ICANN.

Why should people be concerned about this?
Right now the plan is to have the ITU assume control. The ITU or International Telecommunication Union is part of the UN. Which is kind of a good thing, the bad part of all of this is that governments only have a voice at the ITU. If you have been following the reports issued by Google, this might start to ring alarm bells. Really what is at stake right now is the ideal that people regardless of citizenship are able to communicate freely and openly.

Now there is no guarantee that having the ITU in control would be the end as we know it. But many of the countries that are in favor of this action or the ones that would have influence once the move is completed have a poor record of allowing free speech within their borders.

If you want your voice added to the opposition you can hit up Google.

November 26, 2012  10:24 PM

Anon Hacker Court Case

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Way back when Anonymous and lulzsec seemed to be running wild, it looked like law enforcement was not able to keep up with them or do anything to stop it. The attacks against Paypal, HBGary, Visa and Master card to name just a few. Not to mention the multiple pokes at the FBI every Friday.

From my perspective it seemed that they acted untouchable, and they almost seemed to be. After all of the targets they had hit there looked to be little response back. I am not sure if this made them a bit over confident in their abilities, or if that’s how they always operated. But that is the thing about law enforcement in cases like this, they did answer back when they were ready and they seemed to hit hard.

There is now a long list of people facing trial, some were part of lulzsec and others just are associated with anon.

BBC has an update on a anonymous case here.

They laws for these kinds of activities are not like they used to be twenty years ago, law enforcement is catching up if they have not already and prosecution understands this for the most part very well.

To be completely honest in some cases I think law enforcement needs to rethink it’s participation. I think that everyone can agree that sending a swat team for a nine year old girl that tried to download music might be a poor usage of resources. It makes me wonder how many people actually thought this was a good idea and how many in the group spoke up about taking a step back.

November 26, 2012  10:01 PM

iPad AT&T Data Leak

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Do you remember when the iPad was first released way back when. There was a problem with AT&T registration system that allowed you to send a ID from an iPad and it responded with the users email address?

Once the group figured out what they could do, they created a script that generated valid ID’s then ran them against the site and recorded the results. Instead of just stopping at a few and calling it a day it looks like ran up to 1000’s. At this point the case on the researchers side is that they did responsible disclosure, but if you read the IRC logs it does not really look like that.

Here is the link to Wired.

November 22, 2012  10:52 PM

South Carolina Department of Revenue Incident Report

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Some very interesting information in this report.

What really sticks out to me is;
1) This appears to have been targeted, the phishing attack. I wish it would say but I would think that what ever malware was executed by the email was modified to help avoid detection.

2) The account used to start the attack was gathered using the initial pish (they think). They were then used to login to remote services. If you are running remote access like Citrix or RDP, it would be best to try and place these behind another set of logins such as VPN. Then add on something like RSA’s SecureID. This way even if the name and password is stolen the still cannot be used with out the token.

3) The speed of the attack is fairly impressive. There was some recon as the attacker looked around the networking then about 10 days later they appear to dump anything they felt had value and ex-filtrated it out of the network.

4) The encrypted database dumps that were removed from the network also had their encryption key’s stolen. But those keys where encrypted, so it appears that it’s protected. The encryption was 256-AES, while not totally impossible, it should be beyond reach with a strong key.

Isn’t it neat the information you can collect from digital forensics?

November 18, 2012  11:21 PM

Why password reuse is a bad plan

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Here is an announcement from Adobe about a leak of ~200 email addresses and passwords, containing .gov and .mil addresses.

It looks like the passwords are hashed with md5, I can’t seem to find anything if they are salted or not. I don’t think it will matter much with md5 as the hashing algorithm.

November 18, 2012  11:10 PM

FreeBSD Announcement

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

If you installed FreeBSD between September 11th 2012 and November 2012 they are recommending you re-install your system from trusted sources.

At this point everything appears to be clean, and there is just limited information on what happened on the link. A leaked SSH key was the caused the intrusion. Safe guard those keys and passwords.

November 17, 2012  1:32 AM

Forensics Tool Directory

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

Handy if you can’t remember the name of a specific tool or if you are looking to update your jump kit.

Also a fun time poking around to see what other tools are out there.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: