Monday, March 17, 2008

State of the Media

This is more of an opinion blog than anything else. However, if I have noticed any trend during all the research I have done for this class, it is one of utter silence from the US Media. I have no fondness for media to begin with, but the complete lack of coverage for cyber attacks, theft, vandalism, and open hostilities is appalling. I would imagine that an attack on our government's nexus of military control would get a little more attention. And of widespread attacks on financial institutions? A 30-second blip in the morning news.

Granted, some news agencies do have a section on information security, but I don't believe they are doing enough to make the public aware of just how vulnerable the country's financial and defense data is. I believe that more public knowledge would lead to outrage, not panic, and that Congress would be forced to step up funding, and follow Bush's lead to strengthen our data and networks from cyber criminals.

IFRAME Attacks

A week ago, hackers began a scam to redirect people from hundreds of thousands of sites to malware-infected sites. These attacks began one week ago, and continue, expanding at a steady pace. The hackers are utilizing IFRAME injections, and have so far infected 401,000 pages. Experts believe that this is a staging point for a massive, widespread pharming attack. However, the attacks seem to be originating from the Russian Business Network. (source)

This is a perfect example of why Eastern Bloc countries are so dangerous. With most of the world's malware and illegal sites being hosted in countries that are out of the reach of US and NATO law enforcement organizations, there is little we can do aside from blocking all web traffic that originates in that side of the world, and placing a full-scale embargo on them to make US credit card and bank numbers far less appealing.

Also, these unified attacks match the description of an act of war to the letter. It weakens our country's infrastructure, endangers the wellbeing of US citizens at home and abroad, and undermines US Military intelligence. I would not be surprised if these actions cause a full-scale war in the future.

Monday, March 10, 2008

China waging cyber war?

This week, the US Military declared China a "cyber threat" and says they are continuing to wage war in cyberspace using a doctrine of "non-contact warfare." (Source is here). This comes after Germany's accusations in August that the Chinese military sponsored attacks against computers owned by Germany's top officials. In December, the UK's MI5 warned corporations to be cautious of Chinese attacks.

These recent attacks have convinced the Bush administration to allocate $30 billion towards securing federal networks over the next five to seven years.

The world seems to be getting increasingly suspicious and edgy about China these days, and it is not surprising, considering their recent ability to knock satellites out of orbit. This capability, combined with information garnered from penetration of defense and intelligence networks, would give them unparalleled first strike capabilities.

Armies from developed nations in the west and Europe rely heavily on satellite communications and guidance systems for munitions deployment, early detection and warning, and logistical commands. This is compounded by market and financial infrastructure that is entirely reliant on computer systems and networks with national and global communication.

Considering China's move to firewall their entire country and strictly regulate all information into and out of the country, they have much to do if they intend to ease the minds of the rest of the world.

crack wifi with the easy button

So I was browsing the backtrack forums, and someone had a link to this little gem:



I should mention that:

A) This is illegal. We're talking 3 years in prison illegal.
B) If you have to download and use that program, you deserve to spend 3 years in jail. And a Darwin Award.

Sunday, March 9, 2008

Hacking DNA

Oddly enough, the face of Network and Data Security may be changing, and rather grotesquely. Because DNA works in much the same way as machine language, researchers have been copying software hackers for methods of reverse engineering genetic code. Probably the most frightening aspect is that virus fabrication costs as little as $20,000 for a complete setup. The code for viruses can be found all over the internet, and run through a DNA synthesizer. Because of the basic nature of a virus, it is the equivalent of a script. It does not need to be compiled, and can even be self-executing.

The synthesizer works by printing enzymes for the viral protein onto an organic media, much like an inkjet printer squirts ink onto a sheet of paper. Once the code is completed, the virus actually pulls together into a living organism.

Thanks to advancements in computing technology, and a little hacker know-how, there are high school programs popping up worldwide which allow students to do just this.

This video shows a conference on hacking biology.

I believe that a field of information and data security in the future will include bioinformatics.

Saturday, March 1, 2008

joys of patching Vista

I decided to go ahead and dual boot a copy of Windows Vista Ultimate on my computer. First thing that I noticed was the distinct lack of options. You have... format and install. That's pretty much it. So I installed it on a partition I had already made with Windows XP. It more or less installed okay, and there were no serious problems.

So I start to download and install security patches for it. They seem to install okay, but when I restart Vista, it goes something like this:

configuring update 1 of 3... (wait 10 minutes) updates are configured incorrectly, reverting changes. Will attempt again at startup... (wait 10 minutes for changes to revert)... BLUE SCREEN OF DEATH!!! Restart computer manually... cmos errors out... no keyboard present... reboot again... error out again... unplug power supply and wait a few minutes, reconnect and power up... cmos is reset... reconfigure cmos correctly and restart... configuring updates 1 of 3 (wait 10 minutes) updates are configured incorrectly, reverting changes... shutting down... pops into login screen (without shutting down)

So I log in and check the updates. It says they are all installed, so I try to install another round of updates. Programs that require the updates that are "installed" refuse to run, claiming that the updates are not present. Yet the software manager in Vista claims they are in the registry.

I spent the next 2 hours trying to get the security updates to pull through and install correctly, but failed every attempt.

Curious.

I do a Google search for the problem, and find that this is not an isolated incident, but many other people seem to be having trouble getting updates for Vista, and it is linked to 2 problems.

1) Vista not running the patch with administrator privileges
2) double-byte characters (such as kanji or other foreign languages).

I am going to reinstall Vista Ultimate in case the memory dump during patching corrupted the OS, and try again. I will also try to get some screen shots of it.

Overall, my opinion of the OS is very, very low. Out of the ~6 hours I spent with it, 2.5 hours was spent failing to patch, 1 hour was spent recovering from lockups and crashes, 1 hour was spent digging through drivers and programs to find compatible software (only the latest version of MSN Live Messenger will run on Vista, it isn't pre-loaded, and it crashes on startup so you have to manually restart it), and another 1 hour was spent trying to find fixes for everything that doesn't work. The 1.5 hours I spent trying to learn the OS left me with a bittersweet taste. I feel that most of the changes were unnecessary, and only make the OS more confusing.

I'm assuming that most people will disable the program warning feature, and run as administrator as they do in WinXP, completely defeating the purpose of Vista's only true security improvement over XP.

UPDATE

After reinstalling Vista, and adding one driver at a time, I was able to keep the OS stable. The problems have been minimal so far, but I have noticed that downloading and installing updates takes far longer on Vista than it does on XP.