Network Security Blog

MOTD Archives (Sonic.net, Inc.)

Once again, I’m glad to be using an ISP that’s willing to take some steps to combat spam and systems abuse. Sonic.net just announced that they will be firewalling any system using high speed DSL. By default, they will be blocking common exploitable ports and port 25. I’ll have to look at the list and see what else qualifies.

Sonic is also offering complete firewalling, which I assume means you have to enable ports on an individual basis, and just firewalling port 25. I think this is tremendous service to offer customers. For the people out there who have the technical skills to run their own mail servers, Sonic offers static IP addresses with no firewalling, which is what I’m opting for. It’s going to take actions like this from ISP’s everywhere to stem the tide of spam.

I’m very glad to see Sonic take these steps to protect their users, and I hope other ISP’s take note. As one of the largest independent (largest?) ISP’s, I hope Sonic is a group the corporate ISP’s are willing to learn from. Are you listening AOL?

SC Magazine: $25k Mac virus competition taken off line

This is just what we need, someone offering hackers additional incentive to create viruses. I’m just glad they were smart enough to hear the community at large and stop the competition.

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis

This is related to another incident last week, but the new incident involves servers that are not supposed to be vulnerable to the DNS cach poisoning. So, is there a new vector of the poisoning, or is this a different aspect of the same vulnerability? Keep an eye out for traffic bound for 209.123.63.168, 64.21.61.5 and 205.162.201.11.

MercuryNews.com | 03/28/2005 | Stolen UC Berkeley laptop exposes personal data of nearly 100,000

I suspect that somewhere there’s a college student who’s trying desperately trying to get rid of a laptop. The campus police believe this to be a simple case of theft where the culprit got more than they bargained for. In any case, what were the ~90k records doing on the laptop in the first place?

Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection

I’m still trying to decypher some of the packet captures in this article. It’s interesting that a coworker was asking about this topic just this morning. The article goes into a level of detail I rarely see, but could be hard to swallow in one reading.

The author suggests poisoning network management traffic to mislead passive wireless sniffers. I can only imagine this being viable in the most sterile of network environments, which few of us will ever see. I couldn’t do this in my network, there’s too much allowed on the wire/over the airwaves for it to be reliable.

Schneier on Security: TSA Lied About Protecting Passenger Data

The Transportation Security Administration (TSA) lied about how much information they had, how they controlled it, who had access to it, and how it was being used. From the very start, they’ve lied to the American public. This from the agency that’s supposed to be protecting us. There is no way that could not be construed as a purposeful obfuscation of comprimises the information they hold.

Most people I talk to seem to be under the mistaken assumption that there is some sort of mechanism in place to keep this sort of data exploitation from happening. But unless we demand that the people who control our data be held responsible, only the most minimal efforts will be spend on protection.

While I expect it’s still impossible to find out if you are on this list or not, I wonder if anyone affected by these abuses live’s in California. If they do, how could SB1386 and similar legislations affect the TSA and disclosure? It would be nice to see one of these bills used to pry further information about what’s been going on out of the TSA. Like that’s really going to happen given the current administration.

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis

Here’s a good explanation of an ongoing DNS cache poisoning currently going on. Those of you with Windows NT and 2000 DNS servers should definitely read this article and the associated MS article.

Where to go to eavesdrop on wireless networks

Here’s another article on SecurityFocus.com quoting me. Does this mean I’m becoming a ‘respected professional’?

Page Hijack Exploit: 302, redirects and Google

There have been several posting on various sites lately about how Google search results are being hijacked and redirected to malicious sites. This is one of the best explinations of how its being done. So if you’ve seen a recent drop off in your website traffic, this may be part of why it’s happening. I seriously doubt my site has anything to worry about, and it doesn’t sound like there’s much I could do about it anyways, but I hate relying on security through obscurity.

Business school ‘hack’ raises ethical questions | The Register

A few weeks ago a poorly configured server at a company called ApplyYourself Inc. allowed college applicants to look at the status of their applications. The legality of this access was questionable, but this action was certainly unethical. This article goes into exactly what happened, the response of several of the schools, and, most importantly, the ethical implications of the students’ actions. Take a moment to read the article and consider the ethical implications of a career in security.