[SecurityRatty] tag: aims

Anti-Terror Law Mission Creep in the U.K.

Fri, 07 Nov 2008 05:18:44 +0000

First terrorists, then trash cans:

More than half of town halls admit using anti-terror laws to spy on families suspected of putting their rubbish out on the wrong day.
Their tactics include putting secret cameras in tin cans, on lamp posts and even in the homes of 'friendly' residents.

The local authorities admitted that one of their main aims was to catch householders who put their bins out early.

DIY Phishing Pages With Command and Control Interfaces

Thu, 06 Nov 2008 03:31:43 +0000

The day when DIY phishing pages start coming with manuals is the day when consciously or subconsciously a phisher is lowering down the entry barriers into phishing for yet another time. A much more user-friendly compared to the old-fashioned -- yet effective -- rock phish directory listing, a recently released command and control interface for Rapidshare phishing campaigns aims to empower its users with easy dynamic link generation for their campaigns.

What they've managed to achieve is another trust factor since Rapidshare generates a second dynamic link upon clicking on the original one. The script not only generates a dynamically looking link, but also, actually logs in the victim into their account in order to avoid suspicion whereas it still logs all the accounting data.

Scammers also tend to be ironic every then and now. For instance, in this particular case, one of the users finds it ironic that the Rapidshare phishing page is hosted at Rapidshare itself. Is the script actually working? It appears so at least going through a misconfigured accounting data dump left by one of the phishers.

Related posts:
Phishing Pages for Every Bank are a Commodity
DIY Phishing Kits
DIY Phishing Kit Goes 2.0
DIY Phishing Kits Introducing New Features
209 Host Locked
209.1 Host Locked
66.1 Host Locked

Hackers leverage Obama win for massive malware campaign

Wed, 05 Nov 2008 02:00:00 +0000

Hackers are using the results of the U.S. presidential election to launch a major malware campaign that aims to trick users into installing a Flash update that actually plants a Trojan horse on unprotected PCs.

Links for 2008-09-22 [del.icio.us]

Mon, 22 Sep 2008 20:00:00 +0000

Exposing Indias CAPTCHA Solving Economy

Fri, 29 Aug 2008 13:03:37 +0000

"Are you a Human?" - once asked the CAPTCHA, and the question got answered by, well, a human, thousands of them to be precise. Speculations around one of the main weaknesses of CAPTCHA based authentication in the face of human CAPTCHA solvers, seems to have evolved into a booming economy in India during the past 12 months, with thousands of people involved.

The following article - "Inside India’s CAPTCHA solving economy" aims to expose legitimate data entry workers, whose business models and techniques are in fact used by Russian cybercriminals not only for personal phishing, spamming and malware spreading purposes, but also, to resell the bogus accounts and earn a premium in the process :

"No CAPTCHA can survive a human that’s receiving financial incentives for solving it, and with an army of low-wagedIndia CAPTCHA breakers human CAPTCHA solvers officially in the business of “data processing” while earning a mere $2 for solving a thousand CAPTCHA’s, I’m already starting to see evidence of consolidation between India’s major CAPTCHA solving companies. The consolidation logically leading to increased bargaining power, is resulting in an international franchising model recruiting data processing workers empowered with do-it-yourself CAPTCHA syndication web based kits, API keys, and thousands of proxies to make their work easier, and the process more efficient."

Cybercrime is just as outsourceable as CAPTCHA breaking is these days.

Related posts:
The Unbreakable CAPTCHA
Spam coming from free email providers increasing
Gmail, Yahoo and Hotmail’s CAPTCHA broken by spammers
Microsoft’s CAPTCHA successfully broken
Vladuz's Ebay CAPTCHA Populator
Spammers and Phishers Breaking CAPTCHAs
DIY CAPTCHA Breaking Service
Which CAPTCHA Do You Want to Decode Today?

A Security Assessment of the Internet Protocol

Wed, 20 Aug 2008 03:48:56 +0000

Interesting:

Preface
The TCP/IP protocols were conceived during a time that was quite different from the hostile environment they operate in now. Yet a direct result of their effectiveness and widespread early adoption is that much of today's global economy remains dependent upon them.

While many textbooks and articles have created the myth that the Internet Protocols (IP) were designed for warfare environments, the top level goal for the DARPA Internet Program was the sharing of large service machines on the ARPANET. As a result, many protocol specifications focus only on the operational aspects of the protocols they specify and overlook their security implications.

Though Internet technology has evolved, the building blocks are basically the same core protocols adopted by the ARPANET more than two decades ago. During the last twenty years many vulnerabilities have been identified in the TCP/IP stacks of a number of systems. Some were flaws in protocol implementations which affect only a reduced number of systems. Others were flaws in the protocols themselves affecting virtually every existing implementation. Even in the last couple of years researchers were still working on security problems in the core protocols.

The discovery of vulnerabilities in the TCP/IP protocols led to reports being published by a number of CSIRTs (Computer Security Incident Response Teams) and vendors, which helped to raise awareness about the threats as well as the best mitigations known at the time the reports were published.

Much of the effort of the security community on the Internet protocols did not result in official documents (RFCs) being issued by the IETF (Internet Engineering Task Force) leading to a situation in which "known" security problems have not always been addressed by all vendors. In many cases vendors have implemented quick "fixes" to protocol flaws without a careful analysis of their effectiveness and their impact on interoperability.

As a result, any system built in the future according to the official TCP/IP specifications might reincarnate security flaws that have already hit our communication systems in the past.

Producing a secure TCP/IP implementation nowadays is a very difficult task partly because of no single document that can serve as a security roadmap for the protocols.

There is clearly a need for a companion document to the IETF specifications that discusses the security aspects and implications of the protocols, identifies the possible threats, proposes possible counter-measures, and analyses their respective effectiveness.

This document is the result of an assessment of the IETF specifications of the Internet Protocol from a security point of view. Possible threats were identified and, where possible, counter-measures were proposed. Additionally, many implementation flaws that have led to security vulnerabilities have been referenced in the hope that future implementations will not incur the same problems. This document does not limit itself to performing a security assessment of the relevant IETF specification but also offers an assessment of common implementation strategies.

Whilst not aiming to be the final word on the security of the IP, this document aims to raise awareness about the many security threats based on the IP protocol that have been faced in the past, those that we are currently facing, and those we may still have to deal with in the future. It provides advice for the secure implementation of the IP, and also insights about the security aspects of the IP that may be of help to the Internet operations community.

Feedback from the community is more than encouraged to help this document be as accurate as possible and to keep it updated as new threats are discovered.

Upping The IPS Ante

Wed, 30 Jul 2008 11:14:48 +0000

My colleague at Forrester, Chris Silva, recently commented upon the recent Air Defense acquisition by Motorola. Looking at the deal through the security lens, I completely agree with Chris that this will help ease integration of wireless security into wireless infrastructure. It's good to see one of the major wireless brands step up and take wireless security seriously. Perhaps that other major wireless vendor will get the hint...

Upping The IPS Ante

Motorola announced this week its intentions to acquires Wireless IDS/IPS vendor AirDefense. The acquisition may provide a bit of deja vu to readers who recall the acquisition of Network Chemistry's wireless IDS/IPS assets by Aruba Networks in 2007.

Meru Networks, eschewing acquisition for product introduction made its own announcement on Monday, announcing the company's RF Barrier, an active RF management solution that aims to solve the problem of what the vendor is calling "leaky RF." The Meru solution actively blocks 802.11 RF from escaping the physical confines of a WLAN deployment to thwart external "parking lot" attacks by closing Wi-Fi based attack avenues.

In fact, 2007 - 2008 has been a time focused on shoring up the security of the WLAN as the networks become more critical to over 50% of enterprises Forrester sees investing in the networks today. As the networks are more pervasive, moving toward covering the entire physical environment, and more employees are relying on Wi-Fi to access corporate data and applications, it's high-time to secure the WLAN.

In the case of Motorola, the Wi-Fi network is especially critical. As the vendor embarks on selling its message of the all-wireless enterprise, where WLANs will interconnect not only users to the network, but networke edge devices -- such as WLAN access points -- to the network along with storage, printers and other peripheral devices, the WLAN is citical and, therefore, a major focus for security.

In markets such as retail, standards like the Payment Card Industry's Data Security Standard dictate wireless security, but compliance and regulation aside, it is becoming easier to secure the WLAN, regardless of the industry you are in. Vendors are rapily working to close security gaps with product enhancements and new product introductions. Look for a broader suite of solutions to address security coming from your primary network vendor; while this won't negate the need to integrate these add-on network elements, the single source should ease integration to some degree.

How secure do you feel your organization's WLAN is today? What are your concerns either about securing the network or its current lack of security?

Sophos plans to acquire German data security company

Sun, 27 Jul 2008 20:00:00 +0000

Security vendor Sophos plans to acquire Utimaco, a German company specializing in software that aims to prevent sensitive data from escaping corporate networks, an increasing focus with the rise in data breaches.

China aims to protect Olympic content from pirates

Wed, 09 Jul 2008 09:00:00 +0000

China warned Web sites and mobile content providers not to violate the state-owned broadcaster's rights to cover the Olympic Games.

Nigeria aims to end mobile phone theft

Mon, 30 Jun 2008 20:00:00 +0000

Mobile phone theft in Nigeria could become a thing of the past by the end of the year, according to the Nigerian Communications Commission (NCC).