Archive for June, 2005

Jun 30 2005

More on the Grokster decision

Published by under General

Switched On: With Grokster decision, endangered gizmos will survive – Engadget – www.engadget.com

Here’s another article on how we won more digital rights than we lost in this decision. Basically, the Justices are saying that software vendors have to give more than a wink and a nudge to prevent the use of their technology for piracy. A service like the Apple iTunes store, which makes a sizable effort to prevent piracy, is rendered safe by this decision. On the other hand, a technology like BitTorrent, which was created to help share large files, can also be used to share movies, and may be left vulnerable by this ruling. We’re going to have to wait for the next legal challenge for more clarification, but I think this was a fair ruling.


Jun 27 2005

Backdoor == Bad

Published by under Security Advisories

Vulnerability in DELL Windows XP Professional – default hidden Administrator account allows local Administrator access

A back door is a bad idea to begin with. A back door with a blank password is foolish in the extreme. Dell may have some explaining to do to their customers. The only saving grace is that you need to have physical access to the computer to take advantage of the misconfiguration.


2 responses so far

Jun 27 2005

Ruling on Grokster

Published by under General

Boing Boing: What tomorrow’s Grokster Supreme Court ruling will mean

I had been following this case when it first began, but somehow lost it in the general shuffle. Here it is, popping up again. Mr. Doctorow is convinced that we’ve already won this battle, unless the Supreme Court makes an uncharacteristically extreme ruling. He may be right, but that doesn’t mean the movie and record companies are going to stop here.


Jun 22 2005

Computer Forensics and the Law

Published by under General

Risk-Averse.com: Computer Forensic Tools & Methods Should Be Subject to Peer Review

This is one of the better written articles on how real life computer forensics are used in the courtroom. EnCase is a tool that’s being looked at where I work, and one of the selling points is that EnCase will send out their own lawyers if the product is disputed in the case. This is in their own self-interest, since if they get invalidated even once, it makes future use of their product much more questionable.


Jun 21 2005

[In]Secure Magazine

Published by under General

(IN)SECURE Magazine

Just to show that I’m as susceptible to flattery as the next guy, here’s a link to a free new online magazine. The editor, Mirko, wrote me and said my blog was one of his ‘few favorites’.

Flattery aside, this mag is worth the time it takes to download and read. I found that I liked the articles in issue 1.1 more than 1.2, but I appreciate the article on protecting an organization’s public information. Take a few minutes to check it out.


Jun 20 2005

Identity Theft not resolved

Published by under Phishing, scams, etc.

Most Identity Theft Cases Never Get Resolved

When you tie this article in with the recent compromise at CardSystems Solutions Inc., it starts to get really scary for the Average Joe to have a credit card. As a consumer, you have to make sure you shred your bills, don’t leave your wallet or credit card in the wrong place, pay attention to where you’re shopping online and make sure you don’t accidentally fall for a phishing email or catch a virus. And even when you do everything right, the companies who give us these wonderful cards in the first place aren’t doing enough to protect us.

Americans as a whole are much too reliant on credit cards. We use them to shop for our clothes, buy our gas, get money out of the ATM and shop online. We’re a consumer culture, and identity theft may just be part of the price we pay for that. I’m not quite ready to resign myself to paying that price, but a lot of the credit card companies seem to be willing to accept it. And then pass the cost onto us, that is.

For years I didn’t have credit cards, then I bought a house, built my credit back up to a respectable level and started to get more and more cards. I’ve cut several of them up in the last six months, and the news from the last few days makes me seriously think about cutting up the last few I have. Right now, the convenience outweighs my natural inclination towards paranoia, but the ease of use is becoming less and less appealing. After all, the same credit card that allows me to buy toys so easily could also allow the bad guys to ruin my credit easily. And identity theft isn’t like the theft of a material object; I could replace my car in a couple of days, but replacing my good name and credit could take years, if not decades.


Jun 20 2005

Booting 1000 systems from 1 image

Published by under Linux

Now this is ‘hacking’ in the sense of making technology work for you! Last week Eric Bermender from Industrial Light and Magic gave a presentation on how ILM uses a single image on their file servers to boot over a thousand servers for use in their rendering cluster. The systems have no real file system on the hard drives; instead they boot via PXE, copy the files that have to be writable to a RAM disk and use the hard drives as swap space. Eric says there was a long, iterative process of ‘boot, pray, fix the problems, repeat’, but that once they got everything working, it’s been worth the effort.

I believe this may be the future of computing in a lot of areas where you need a lot of computing power. Apparently, under the old ILM system, each server had to be individually built, patching was a nightmare and troubleshooting even worse. Now, if they have a software problem, it’s very apparent since it’ll affect the whole cluster, and hardware problems are obvious since they only affect one system. If they need to patch the systems, they only need to update the base image and every system in the cluster automatically picks up on the patch. Pretty slick stuff.


Jun 16 2005

Read: HTTP Request smuggling

Published by under Hacking

I finally got a chance to read the HRS paper by Watchfire, and I have to say I’m a lot less concerned about this vulnerability than I was before. I’m not saying this isn’t a real vulnerability, I just think the applicability of this set of vulnerabilities is minimal. You won’t be seeing a worm or virus based on this paper. If it’s seen at all, I expect it will be in a tool used by hackers targeting a specific site or set of systems. You have to know too much about the system you’re attacking for this to become widely used.

If you want to see if you’re vulnerable, just go straight to the back of the paper. On one of the last pages they have a listing of the different proxies and web servers they were able to make this attack work against. I agree with several of the other evaluations I read: if strict protocol filtering was used on the proxies, this wouldn’t be an issue.
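As an added illustration of what strict protocol filtering at a proxy can look like (this is not code from the Watchfire paper or from this post), the sketch below rejects request heads whose message framing two systems could read differently. The function name `framing_violations`, the particular checks chosen and the sample requests are assumptions constructed for this example.

```python
# Added example: reject HTTP/1.x request heads with ambiguous framing.
# The checks chosen here are an assumption about what "strict" should cover.

def framing_violations(raw: bytes) -> list:
    """Return the reasons a raw request head is ambiguous (empty list = clean)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    problems = []
    if not sep:
        problems.append("header block not terminated by CRLF CRLF")
    content_lengths, has_te = [], False
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        if b"\r" in line or b"\n" in line:
            problems.append("bare CR or LF inside header block")
        if line[:1] in (b" ", b"\t"):
            problems.append("folded (continuation) header line")
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            problems.append("header line without colon")
            continue
        if not name or name != name.strip():
            problems.append("whitespace around header name")
        lname = name.strip().lower()
        if lname == b"content-length":
            content_lengths.append(value.strip())
        elif lname == b"transfer-encoding":
            has_te = True
    if len(content_lengths) > 1:
        problems.append("multiple Content-Length headers")
    if any(not v.isdigit() for v in content_lengths):
        problems.append("non-numeric Content-Length")
    if content_lengths and has_te:
        problems.append("both Content-Length and Transfer-Encoding")
    return problems

# Constructed sample request heads (not captured traffic).
CLEAN = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
TWO_LENGTHS = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Length: 0\r\nContent-Length: 44\r\n\r\n")
LENGTH_AND_TE = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n")
SPACED_NAME = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Length : 5\r\n\r\nhello")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("two lengths", TWO_LENGTHS),
                       ("length + TE", LENGTH_AND_TE), ("spaced name", SPACED_NAME)]:
        print(label, "->", framing_violations(req) or "accept")
```

A filter like this answers any non-empty result with a 400 and closes the connection instead of forwarding the request, so the front end and the back end never get the chance to disagree about where the request ends.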


Jun 13 2005

The cost of spreading malware

Published by under Malware

From Russia with Malware

Here’s another article on the cost of a botnet. This ‘business’ is paying $61 per 1000 infected systems to hackers. They, in turn, use the infected systems to create hits on ad servers as if they were referrals from the host network. This nets the Russian company a few pennies per hit, multiplying the money they spent by a ‘guesstimate’ of 6. I wonder how they came to that number?

Luckily, the fix is pretty easy: block 81.222.131.59. Of course, this only takes care of this company. What happens when this becomes a common practice in the malware community?


One response so far

Jun 13 2005

HTTP Request smuggling

Published by under Security Advisories

HTTP Request Smuggling

It’s Monday morning, and the second cup of coffee hasn’t quite kicked in yet, so I haven’t been able to focus long enough to read this paper just yet. Basically, this is an attack that takes advantage of the way different systems interpret HTTP requests to slip an attack packet past your defenses, poison a cache server or hijack a system’s credentials.

I’m a little concerned because people on several of the mailing lists I monitor say they’ve already been seeing this kind of traffic for several months. Anyone have a Snort sig for it yet?
