Funding Breakdown for SOPA

With SOPA, PIPA, and ACTA still looming, I have been coming across lots of ways to gain access to websites during a government shutdown of the internet.  Everything from dial-up modems to creating a mesh wireless network for communicating with others.  In the event of a DNS shutdown, all sites that have a dedicated IP address will still be reachable.  All you have to do is enter the IP.  Here’s an emergency list of IP’s for such a situation:

At least this register isn't empty...

As most PC users are aware, one of the first steps you take when connecting that spanking new gaming rig to the internet is make sure you have installed and configured a firewall to safeguard your system and connection from unwanted intruders.

Apparently, for approximately 200 small businesses, including at least 150 Subway franchises, whoever set up their Point-of-Sale (POS) systems was absent the day they taught Network Security Basics in school.  Over 80,000 customers had their credit card information stolen in a scam dating back to 2008, according to recently released court documents.

The culprit:

POS systems with open internet connections.  All the hackers had to do was run a simple port scan to find a way into the system, then they set up their trojan to collect and dump the data periodically.  Voila, free money.  Well at least until they got caught.

POS systems are actually supposed to be secured according to standards set forth by the individual card vendors, such as Visa and MasterCard, although there is a trade group, PCI, which has some basic standards in place, but no methods to ensure compliance.  PCI states that vendors should have two factor authentication in place if they accept swiped transactions, something that most likely would have prevented these attacks.

Think about this kind of stuff the next time you swipe your card to get that $5 footlong, and be vigilant in checking your account statements frequently to detect any fraudulent transactions.  Be safe out there kiddies!

For more info, check out:

https://www.pcisecuritystandards.org/index.php

and

http://arstechnica.com/business/news/2011/12/how-hackers-gave-subway-a-30-million-lesson-in-point-of-sale-security.ars

An example of a botnet used for email spam

I get this question a lot from less technical users.  Why do people make computer viruses?  Well, to start, traditional “viruses” only account for a tiny fraction of malicious software infections.  A good catch-all term to use for malicious software is “malware”.  So, why does malware exist in the first place?  I have found that a lot of people just assume that malware is produced by devious hackers who have nothing better to do than mess people’s stuff up.  It’s often viewed by less technical users as little more than digital vandalism.  It is important to understand why malware is out there.  It does serve a very practical purpose to criminals (and government agencies).

In order to understand the root of the malware problem, a good place to start is with Botnets.  A botnet is a collection of compromised computers connected to the internet and maliciously networked together.  They are then used by the controlling criminal (or government agency) to direct cyber attacks on specific targets.  It helps to think of it like a farm of zombie computers that are controlled by malicious users to do their bidding for them.  This allows the attacker to have a lot more fire power than just one computer could provide.  It also allows the attacker to be masked behind this army of zombie computers and makes it more difficult to identify the guilty parties.

Some of the different attacks that botnets are used for are denial of service (DoS), Email Spamming, click fraud, fast flux attacks, brute force password attacks, online gambling fraud, and many more.  The flexibility and fire power that comes with a botnet makes them incredibly dangerous.

Botnets present a powerful reason for even the most technical users to protect their computers from malware.  Make sure that you have real time malware protection installed on your computer.  As always, the very best form of protection is to browse smart.  Don’t just click on every link that you find…there are a lot of dark alleys on the internet filled with software just waiting for you to become click happy!

trying to keep up with the latest buzz on our new girlfriend, Siri…. it turns out that she will let anyone use the voice activation feature on your new iPhone 4s, even if you password lock it.

Click on the above link to follow the steps to fix this little glitch.

Fancy Graphic!

Co-Authored by “Beef Supreme”.

Internet Control Message Protocol (ICMP) is a required protocol tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation or mis-operation. Of course, since ICMP uses IP, ICMP packet delivery is unreliable, so hosts can’t count on receiving ICMP packets for any network problem. Internet Protocol security (IPsec) uses cryptographic security services to protect communications over Internet Protocol (IP) networks.

IPv4 uses a 32-bit addressing structure, which means that 4.3×10^9 addresses (2^32) are theoretically possible, although as we know many addresses are reserved for alternate usage. IPv4 addresses are divided into 4 octets, although they are more commonly expressed in dot decimal notation, for example 192.168.0.1. IPv4 addresses are divided into 5 classes, A through E, and each class is assigned to a certain type of business or client or type of usage. IPv4 addresses are commonly converted to website or domain names, which requires the use of DNS, or Domain Name Systems, to translate between numeric IP addresses and their corresponding domain names.

By contrast, IPv6 is a relatively recent standard. It uses 128-bit addressing, which means that a theoretical 3.4×10^38 addresses are possible under this scheme (2^128). To put that in perspective, the standard subnet in IPv6 contains 2^64 number of IP addresses, or the square of the total number of IPv4 addresses possible. IPv6 addresses are written as 8 groups of 4 hexadecimal digits separated by colons and still makes use of classes and DNS.
So, why do we need all of this change? Are we worried about security with the new IPv6 standards? According to Gordon Moore, co-founder of Intel, technology grows at an exponential rate. Moore’s Law, as it is now know, says that the number of transistors on a chip doubles every two years. This theorem has also carried over to other areas of technology growth. Technology guru Ray Kurzweil says that all technological change follows an exponential curve, an idea he fleshes out in the Law of Accelerating Returns, and it has been very apt for IP addressable devices as well. In fact, the last blocks of IPv4 addresses will be allocated by the end of this year, meaning that we exhausted the pool in just 22 years.

IPv6 has other advantages as well, other than just more addresses. Due to the exponentially larger address pool, IPv6 will allow the continued roll out and development of packet-switched technologies into areas of the world which are not currently supported. It will allow billions of new devices to be connected quickly and easily, everything from smartphones and tablets to your new car. It has built-in support for mobile devices through Mobile IP. It is also more secure than IPv4 because it has been designed from day 1 to incorporate IPsec from end to end, with a much more robust ICMP standard.

With regard to technology, IPv6 is different from IPv4 in two major ways. The first is that the ping sweep or port scan, when used to examine the hosts on a subnet, are much more difficult to complete in an IPv6 network. The second is that new multicast addresses in IPv6 would not enable a hacker to find a certain set of key systems (routers, servers, etc.) without some degree of difficulty. Beyond these two differences, sweep techniques via ICMP in IPv6 are the same as in IPv4. Additionally, IPv6 networks are even more dependent on ICMP to function properly. A network that ordinarily required only the sending of 256 scan probes now requires sending more than 18 quintillion scan probes to cover an entire subnet. But even at a scan rate of 1 million probes per second (more than 400 Mbps of traffic), it would take more than 28 years of constant scanning to find the first active host, assuming the first success occurs after iterating through 50 percent of the first 1.8 quadrillion addresses. If we assume a more typical subnet with 100 active hosts, that number jumps to more than 28 centuries of constant 1-million-packet-per-second scanning to find that first host on that first subnet of the victim network. So, with the newer ICMP standards, the limitations are generally with the IP traffic flow and not the coding itself, making IPv6 a more secure option in addressing scheme.

Thank You Steve

So.
Here’s a little something different, in the wake of the passing of Steve Jobs, and the product wars between Amazon and Apple.
The following are actual posts I wrote for one of my classes (online portion) I’m taking this semester. We have to discuss cybersecurity topics weekly for grading and to share ideas about the current state of cyber security tech in general, so I figured I could provide some entertainment, especially since I have been so ridiculously occupied to not have written anything in quite a while. Enjoy.
________________________________________________________
The question:

A recent security report has identified three “tectonic forces” of change: the technologic shift (the proliferation of mobile and connected devices), the economic shift (the virtualization of operations), and the demographic shift (the role of collaboration and social networks). Each of these forces can have a significant impact on IT security. Use the Internet to research these changes and how they could impact security. Summarize your research/findings as your forum post.
______________________________________________________________
My response:
Cisco’s 2010 report on the tectonic forces of change presents many points for consideration. I am going to start with the demographic aspect of this concept. Social networking and similar forums are fast becoming the chic, en vogue method of connecting people in this day and age of instant gratification. Only the newest, hippest, slickest method of status updates, media and photo sharing seem to be keeping the interest of the public. In relation to security, there are thousands of opportunities for privacy and security to be compromised. Some examples are as innocent as advertisers farming our personal data via Facebook, grocery shopping club memberships, or our Twitter feed in order to find more opportunities to make money. Or they could be as dire as brute force attacks directly on any account we have to log into for access, such as our Netflix, Amazon or ESPN Insider. It gets even worse for those who are not as experienced or internet –savvy, because they are more likely to click on pop-ups, post information without realizing the potential risks.
The economic shift is definitely leaning towards virtualization of major computer and network operations. As companies grow, and more people are conducting business online – the need for more power, more bandwidth, more access points grows along with them. Cloud computing and virtual machines are a growing trend. Google Inc. and Microsoft’s Azure are examples of popular cloud services, which would enable businesses to operate with less hardware, from more places and wider collaboration. Which also presents wider security risks, as the need to increase cloud security expands daily, almost hourly.
The technological shift has a great example that occurred earlier this year – the last block of IPv4 addresses were released for distribution, making the need for IPv6 addressing active. This means with so many active URLs and web addresses being used and introduced daily, more people going mobile with smartphones, laptops, tablets & Blackberry units, the opportunity for attacking the networks and the circles of access surrounding these points becomes wider. IT security needs are constantly changing more to human error than tech hardware error – Google’s previously unhackable Chromium platform and the “CR-48” cloud laptop project was in fact, hacked in April 2011, after the DefCon black hat/white hat challenge to do so was presented. Not long after, the Apple Mac OS platform was also hacked, exploiting several vulnerabilities in the iPhone and Snow Leopard software code from people who were attempting to jailbreak their cell & internet access points from their iPhones to use carriers other than AT&T and Verizon.
________________________________________________________
Question:
Why is the speed of attacks making the challenge of keeping computers secure more difficult?

My response:
Most cybercrime attack teams or individuals have lots of free time to dedicate themselves to finding new ways to break down security, or are able to network and gain the latest tools and scripts to concentrate their efforts, so if there are a 1000 attackers working on exploiting a breach on 1000 different computers, it has been estimated that it would need 10 IT security techs working against every 1 attacker or something really ridiculous like that – forgive me, I forget the exact proportions, but that is the general idea.
___________________________________________________________
Question:
Discuss why delays in patching are making information security more difficult.

My response:
Because most developers are on a fast pace to release software to keep up with retail demands and profit margins, often times the code is not fully tested for security integrity, so that the patches come post-release – however, the hackers & attackers anticipate that lag time and are able to focus exclusively on breaking through the vulnerabilities immediately.
____________________________________________________

http://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_mid2010.pdf

The law on this is not just fuzzy.  We’re talking 100%-genuine-Muppet-skin, lumberjack-who-hasn’t-shaved-in-a-month, analog-TV-reception-in-a-hurricane level fuzzy.  The Digital Millennium Copyright Act (DMCA) says it is illegal “to traffic in wares meant to circumvent devices protecting copyrighted works.”  This is the same law that was used to prosecute XBOX360 modders in California last year, a case that was ultimately dismissed on a technicality.  This means that a firm could potentially sue many so-called White-Hats who uncover and publish security flaws.  It effectively eliminates the right to Free Speech when it comes to security research online.  In stark contrast to the DMCA, the U.S. Copyright Office effectively legalized jail-breaking your iPhone last July, says owners had the right to run any application of their choosing.

Sony’s case has already been dealt a pretty harsh blow.  Sony tried to argue that the California courts should have jurisdiction in the case since Hotz used a PayPal account, and PayPal’s headquarters are located in California.  They also said that because Hotz had agreed to the Playstation Network’s Terms of Use Agreement, the California courts had jurisdiction over that portion of the case as well.  However, the Federal judge reviewing the filing isn’t so sure.  Judge Susan Illston said that if PayPal was the standard, the California courts would have jurisdiction over practically the “entire universe”, a concept she was not at all comfortable with going forward.

For now, it appears the case is in a holding pattern.  The court did not rule on Sony’s request for a temporary injunction to remove the jail-break from the web, which would be an exercise in futility that would make Sisyphus’ task seem effortless.  The court also delayed on the question of jurisdiction, but combined with the recent precedent of the iPhone, this case is on very tenuous legal ground.

Read more:

https://www.eff.org/deeplinks/2011/01/sony-v-hotz-sony-sends-dangerous-message

Electronic Frontier Foundation blog post about the case

http://www.geohot.com/

Geohot’s homepage, complete with links to all the legal paperwork

http://www.wired.com/threatlevel/2010/12/crippen-dismissed/

XBOX360 Mod case dismissal

http://www.wired.com/threatlevel/2011/01/playstation3-hack-lawsuit/

Wired’s coverage of the case

http://arstechnica.com/gaming/news/2011/01/sonys-options-are-limited-in-face-of-ps3-jailbreak.ars

http://arstechnica.com/gaming/news/2011/01/sony-dealt-blow-in-ps3-hacking-case-over-jurisdiction-question.ars

Ars Technica weighs in

Free is an amazing word! I decided to compile a list of 100+ of the very best free apps for Windows, Mac, and Linux. Not all of the free apps listed work on all platforms…so make sure to look into it on your own. This list is broken down into 11 pages. Each page accounts for a software category. Feel free to leave additional free apps that you like in the comments!

Categories:

• Web Browsers
• Anti-Virus/Security
• Graphics/Photos
• Media Players/Converters/Streamers
• Bit Torrent Clients
• Programming/Development
• FTP/SCP/SSH
• System Tools
• Chat/Messengers/Social
• Archive Management
• Productivity

Has this ever happened to you? You go into your favorite cafe (with free wifi of course) and order your coffee. Then, after paying for the coffee and maybe a muffin, you sit down and open up your laptop. To your total disappointment, the wifi connection doesn’t seem to have ANY internet connectivity! BLAST! What a waste of 5 bucks, right? Well, not necessarily…

At this point, you should ask yourself a few questions.

• Am I connected to the Access Point?
• Have I been assigned a private IP address?
• Can I reach the Access Point via web browser?

So, let’s assume the answer to question number 1 is YES…I am connected to the access point with a good signal! Now I need to know if I have an IP address.

In Windows, open a command prompt and type:

ipconfig /a

…In Linux or Mac, open a Terminal and type:

ifconfig

There are other ways to find your IP, but these work just fine. The private IP address will likely look something like 192.168.1.xxx.

Next, take that IP and change the last part (xxx) to 1. For example, if it was 192.168.1.193, change it to 192.168.1.1. This is the gateway address. Now, let’s try entering that gateway address into a web browser. If you are prompted for a username/password that’s good news! That means that the Access Point has port 80 open and is running a web server to allow web based configuration. Look for a model number or company name in the window asking for a password. If it’s something like WRT54G, that is a Linksys and the default username and password are both: admin.

If you can’t get in with a default username/password, you should probably just move on…unless you want to try something more advanced of course. :)

Once you ARE logged in though, you can do some things to get the free wifi working again. Release and renew the public IP…reboot the Access Point. That combination will fix a lot of connectivity issues!

Have Fun!

https://bugs.launchpad.net/nubuntu/+source/apt/+bug/56125