lolPrograms lolPrograms.org

Real Industry News.
2008 Archive

Not all news will be posted here, more news can be found in the forums.

--September 16, 2008--
Hackers Foil Al-Qaeda Video Release

As the seventh anniversary of the tragic attacks of September 11, 2001 approached, Al-Qaeda was preparing to release one of its typical propaganda videos to the internet through its media wing, known as Al-Sahab, which had been prepping for the release through banner images posted on its site. However, no such release ever surfaced. This is due to the actions of a few hacker groups who have been waging a little-known internet war with the terror group and its supporters. While the methodology used to prevent the video release has not yet been released, it is certain that a combination of electronic espionage and the suspected death of Al-Sahab's webmaster, Adam Gadan, prevented the release to the website.
It should be noted however that the story doesn't end here.
While the Al-Sahab site was unable to get the video uploaded and published, this generally would not have stopped AQ from getting their distorted message to the world. This has been proven in the past by their use of the popular Mid-Eastern news agency Al-Jazeera. However, the video never made it, which leads one to believe that the information was probably altered or destroyed before it ever reached AQ-friendly servers. It appears as though the anti-AQ groups have been able to penetrate deep into the information lines and potentially disrupt communication channels between AQ members across the globe, among other things.
This, however, isn't the first time that information warfare between supportive third parties of either side has been made public. Many defacements in multiple countries have occurred, carrying the jihadist message right along with pro-Western messages on extremist sites. However, one of the more notable instances occurred back in 2004, when the websites of Abu Musal al-Zarqawi were taken offline by the group known as TeAmZ USA, along with AQ's inability to release a subsequent anniversary video. Also, last year Washington released a video taken by AQ two days before it was meant to be, showing that we had control of their communications systems and that their internet anonymity was no longer guaranteed.
While I am sure there will be some backlash from AQ's supporters, it goes to show that the Western World is sick and tired of the terrorist actions of AQ and their supporters and individual groups are starting to take the fight to their doorstep, or at least to their netblock.

Some information for this story was gathered from The Hindustan Times.

--July 28, 2008--
Search Startup Fails to Live Up to Bragging

After a news release to the Associated Press (Link) that was linked to on Drudge Report, internet search engine startup CUIL (pronounced Cool though it looks like Quill) so far is not living up to its claims of being a competitor to search giant Google. After making the claim that Cuil had more sites in its index and required fewer resources than Google to operate, it appears that they have bitten off more than they can chew. I performed a quick search of the terms "lol programs" just to see, and Cuil quickly returned that it could not find any sites that met the search criteria (while Google returns not only this site as numero uno but an additional 4.7 million hits). After being shot down on my initial search I then decided to try a few other terms that I knew should give something in return, only to find Cuil stuck with its wheels spinning and unable to provide any type of return or messages in a timely fashion.
Now, while it is entirely possible that Cuil just happened to be caught off guard by the number of curious people wanting to check out the new search service on its zero day, I was, after a few more tries, able to get a search term to return something and have to say I am not exactly impressed by either the relative speed of the service or its layout and return methodology. The default layout for search returns is three columns that don't line up cleanly or provide very organized site information. Also, a little image is thrown next to the descriptive text that appears to be grabbed at random from the site in question and is sometimes useful but generally is unrelated, such as a hit counter or random stock image. It also appears as though Cuil is beholden to some sort of sponsorship program at the moment, since after performing a few random word searches I found the first page cluttered with multiple hits from the exact same site that didn't always return the exact phrase or words that I had punched in for the search.
All in all I would have to say Cuil is talking a big game and struggling to live up to it at this point in time. The people behind the project aren't newcomers to the search engine game and do appear to have very big plans with Cuil, so a little more time for the live kinks to get worked out should be allowed, though whether it can actually become a viable contender to Google is still to be seen. The major question now, I think, is whether Cuil is going to try to take Google on at all fronts or just go the way of other supposed contenders like Ask.com and simply become another niche service used by zealots.

--July 9, 2008--
DNS Cache Poisoning Could Allow Internet Hijack

According to information released by CERT today, a serious flaw in the Domain Name System could allow an attacker to perform ARP and DNS cache poisoning to control all internet traffic. The flaw in the major DNS systems that run the entire internet has been known for several months now to both industry insiders and security specialists, though kept quiet due to fears that an exploit could be developed if information about the flaws were leaked. Through the work of a team of industry heavyweights and organizations, a patch has been released today that is expected to resolve the issues and prevent massive data redirection of internet and email traffic from occurring.
The massive joint patch has been generated by hardware, firmware and software manufacturers that maintain current traffic management systems. The major concern was that a clever attacker would be able to perform a massive phishing or data theft operation by exploiting the DNS flaw and directing traffic to spoofed sites of legitimate companies such as banks and credit cards. This redirection would allow the attacker to gain access to sensitive account holder information that could then be used to either alter account holder information or sell that information to identity thieves or carders. In addition to the potential damages against individuals it could be possible for sensitive corporate or governmental data such as email to be redirected to external servers and systems. This data redirection could expose highly sensitive internal information about companies and federal agencies that could then be sold to rivals or foreign intelligence agencies, exposing insider and state secrets.
The updates that have been developed are set to automatically roll out and patch the affected systems, though some software such as Microsoft Windows will need to be updated either manually or through an automated update service configured on the system. It is CERT's goal to maintain the alliance that has been built to continue to stay up-to-date on emerging threats of such a large scale and continue to roll out patches and fixes as flaws and exploits are discovered.

--June 2, 2008--
Singapore Firm Claims Image Linking Patent

Last week a company based out of Singapore, Vuestar Technologies, made the bold claim that it held a patent covering what it is calling "internet searching via visual images". In its claim Vuestar is effectively claiming that any site that uses an image to link to another page or site must acquire a license of use and pay them fees pertaining to the license.
While the request for payment has so far been contained to companies based out of Singapore, the patent claims (filed under patent number 95940) have been granted in Australia, New Zealand and the US. This is just another in the string of recent claims by companies of owning certain standardized technologies and methods used around the world as either an existing patent or through intellectual property rights.
While it is highly unlikely that every single website that is hosted in the four countries will be required to pay fees based on this claim, it punctuates the increasing levels of corporate greed and money grabbing. In most cases the companies making these claims will level charges against smaller and easily intimidated companies that are more likely to settle rather than go after a heavy hitter that is capable of fighting back through the courts.
While I am not for the government getting involved in every little aspect of our lives, I think it may be appropriate for options to be available to smaller organizations in the event they are threatened with legal action that may or may not be factually legal or hold any standing. I doubt we could gather the time and resources needed to defend my right to use publicly available tags to embed images for linking purposes, but I know that we would not just bow under to a threat such as this because the ability has been present since linking and images were capable of co-existing in page source tags.

--May 23, 2008--
Google Goes to Washington

According to an Associated Press report, written by Dibya Sarkar, Google co-founder Larry Page has taken his distrust of Microsoft's attempts to buy out Yahoo to a DC think tank forum hosted by New American Foundation. While Google chief executive Eric Schmidt is the chair of this think tank, he was not present for Mr. Page's address.
Page voiced his primary concern that if Microsoft is successful in their purchase of Yahoo, innovation and creativity in the internet realm would be severely decreased. We here at lol, Programs think that a potential merging of the two companies would in fact spur very large and rapid creativity in the realm of internet email based spam and exploits. With Yahoo being a top target for most spammers and Microsoft being the world's electronic punching bag, a successful purchase or merger could actually create a domino effect throughout the cloudy world of internet compro-pros, causing major mergers between specialized programmers and target specific mailers.
When questioned about potential business agreements in the works between Google and Yahoo, Mr. Page clarified that whatever the outcome no anti-trust laws or other violations would occur. Also covered during his trip Mr. Page stated that Google was intending to use its newly purchased frequency ranges from the FCC auction earlier this year to provide affordable high speed internet to rural and remote customers along with pushing to increase mobile computing capabilities provided via wireless companies such as Verizon.

--May 12, 2008--
US Agencies Sold Counterfeit Network Equipment

The FBI has recently broken up a counterfeiting ring out of China that was involved with selling potentially compromised systems to Federal and DoD agencies, including the FBI. This networking equipment is seen to have potentially been altered to allow for undetected backdoor access to networks it is attached to, which in this case could mean leaking sensitive information to competitive governments, adding even more validity to the World War 3.0 concern.
While the FBI is concerned about the financial ramifications of such counterfeiting efforts, researchers are citing the threat of espionage and data theft as a prime motivator in the practice, even going so far as to point to a report released about just such an incident that occurred in 2005 (report).
Due to the potential damages caused by such efforts the FBI is wanting to hold equipment manufacturers and resellers to higher and stricter standards when dealing with such fraudulent equipment, however industry insiders state that keeping current market forces in the loop is required to prevent costly fallout in the global market.

--April 24, 2008--
Chinese Launch Mediocre Attack on CNN

Angered over CNN reports and remarks about the recent protests and violence in Tibet, Chinese hacktivists launched a half-hearted assault against CNN web servers throughout the week managing to slightly deface a few of the Sports Illustrated archives and cause some overall noticeable sluggishness from the site as a whole.
Reports that have become available show that two or three semi-organized groups orchestrated the attacks with the help of voluntary botnets alongside a general call for users to just flood the servers with download requests. While not actually accomplishing full denial of services, network monitors did notice slow response times with a peak of around 100ms above average alongside sporadic access from the Asia-Pacific regions.
In comparison to recent coordinated attacks this tips the scales at right around laughable, except for the fact that this might mark the first time a government has backed such a public effort. While it is no secret that the Chinese government, or most governments for that matter, is actively engaged in compromise attempts on a daily basis, these tend to be reserved for more strategic targets that would garner them a tactical edge on both the political and business world stages.
The very overt methods and publicity of the recent attacks, however, give us a new insight into the minds of the state-sponsored types of coordinated efforts and what actualized computer and cyber combat may look like. Since this is a subject being brought up more often in both the federal and private sectors, I will begin a running commentary in the Security Forums about the matter and how it has evolved beyond communications limiting into complete infrastructure meltdown or worse. This will be an opinion piece but I will take every step I can to reference solid data on the subject and invite insight from anyone interested.

--April 16, 2008--
Save XP Petition

With the impending doom that will be Microsoft no longer supporting what has been trumpeted as its best operating system ever come June 30th of this year, one man made the decision to stand up and say something about it. Galen Gruman, who is a long time technologies journalist and trend follower, inadvertently started a trend of his own when he started the Save Windows XP petition in January. Since then he has gathered more than 100 thousand signatories to his cause and hopes to gain even more before the June deadline places XP out of the support cycle.
While I have some experience with Vista Ultimate x64 edition, I still feel that the best option for both home and business Windows users is XP as well. And hopefully we can get the word out to enough like-minded individuals to sway M$ from pulling the only system that people actually like from store shelves and their support lines. Join the hundreds of thousands of people in helping keep XP alive until either Vista becomes a viable OS or M$ comes out with a stable build, much like XP being pushed after the calamity known as WinME. Let's have some stability and usability out of an operating system.
Save XP! Sign the petition!

--April 10, 2008--
Top 10 Security Threats

Security writer for Network World, Tim Greene, has released the top ten threats companies need to keep an eye out for. These are based on tried and true methods as well as evolving technologies that may be exploited due to their relative youth and administrative ignorance in their configuration. I will not be re-hashing this article due to its original size but will provide a quick list of the threats with a short description and then a link to the full article.

1: Virtual Host Security: Virtualization causes new troubles for maintaining order in a fake world.
2: Virtual Machine Monitor: Keeping the real system that manages the fake ones secure is critical.
3: Botnets: Known by many different names, ever growing botnets can ruin your day.
4: Targeted Attacks: Keep your resources hidden to prevent them from being lusted after.
5: Gaming and Virtual Reality Attacks: Don't let your users play games or virtual worlds at work.
6: Browser Threats: Limit where your users can browse to, keep security up to date.
7: Mobile Browsing: Phones are just pocket sized computers, educate users.
8: Lost Mobile Devices: Laptops, PDAs and smartphones are goldmines, protect them as such.
9: Insecure Web Apps: Balance availability, usability and vulnerability.
10: Rust-out: Funky new term for keeping yourself up-to-date on what the threats are.

The full article can be found here.

--April 1, 2008--
NATO Weighs in on Cyber Crime
:Not an April Fools Joke:

Almost a year after the tiny country of Estonia was DDoS'd, yes the entire country (Original Story), the powers that be in Europe have decided to drop the hammer on "cyber crime" and attempt to introduce standards to the 26 member NATO this week. The Convention on Cybercrime is a binding treaty ratified by the 47 member Council of Europe that is intended to protect users from common forms of online criminal activity such as fraud or having their systems compromised by hackers or viruses. Also attached to the treaty are provisions covering other online activities such as child sexual exploitation and terrorism and how evidence is treated in related cases.
The NATO convention will include industry speakers such as Microsoft and eBay alongside security companies McAfee and Symantec and industry insiders from the US and Europe. The main part of the summit will be to decide the verbiage of the treaty and expand it to include pertinent areas while at the same time ensuring that primary focal points of the cyber world and the many threats it can carry are covered and addressed properly. This will be the subject of some hot debate, it seems, as many of the attending nations feel that differing threats require more attention than others.

The Associated Press Article can be found Here.

--March 10, 2008--
Whiney Lawmaker Goes After Internet Anonymity

A representative from Kentucky, Tim Couch, decided last week to file a bill that would require website owners to remove the ability for their users to post messages anonymously. The reason, according to Couch, is that he feels there is too much bullying and otherwise misbehaving going on in regards to internet message boards, forums and communities. It appears as though he has had his feelings hurt at least once too many, since his bill would require persons wishing to post a message on any website to register with their full name, street address and email address, and every posting would have that information attached to it. He claims that having these requirements would reduce the number of online abuses by random persons, which apparently has become a major issue in his Eastern Kentucky district, though no actual proof or statistics could be found to back his claim up other than what appears to be flame wars and spats between high school kids and random persons talking crap about Couch and his policies.
The attempted legislation, House Bill 775 (found here), is very loosely worded and pretty much impossible to enforce, which has been admitted by Couch himself, who is quoted as stating that he wasn't expecting the bill to pass but really just wanted to bring attention to the issue that people can exercise their rights to free speech without fear of recourse over these fine cyberwebs, which includes being mean to other people, or something very close to that; I didn't interview him. Also, enforcing the law would be nearly impossible since the language of the bill states that service and content providers would be forced to require and ensure that valid information was being supplied for access to their services, and that if the sites did not comply they would be fined $500 for their first offence and an additional $1,000 for any subsequent offences. My suggestion to the mean spirited people of Kentucky if this bullshit does get passed is to just get the good Mr. Couch's information and register as him! Then we will see if he feels like being accountable for "his actions online" and how long this bill would really last.
It is my opinion that "The Honorable Tim Couch", Republican State Representative of District 90 in the state of Kentucky, has very thin skin and dislikes the fact that he or the government has no control over what people think and say, and according to the very few people polled about the issue, the majority feel that this bill would be a violation of the First Amendment. I would like to propose this to Mr. Couch and any of his constituents that think this bill is a good idea and would result in anything other than flame wars being brought to people's front doors: GET THICKER SKIN, LEARN TO TAKE A JOKE, AND IF YOU CAN'T HANDLE YOUR PRECIOUS WITTLE FEELERS GETTING BENT DON'T WANDER OUT OF YOUR COMFORT ZONE INTO THE SCAWY FOWEST OF MEAN POOPY HEADS KNOWN AS ANONYMOUS INTERNET FORUMS AND MESSAGE BOARDS! For fuck's sake people, the world is not all gum drops, lollipops, kittens and rainbows. The internet is a great way to let someone know how you REALLY feel without having to worry about the consequences, and if someone wanted you to know their true thoughts on your crybaby douchebaggery they would tell you to your face, so get over it. The internet is full of tough guys, cowards and frauds and that will never change.

Feel free to call me out on this issue in our still 100% anonymous forums.

--March 4, 2008--
Federal Government Gets Serious About Security

After a recent hearing held by the House Committee on Homeland Security, the decision has been made to boost existing security programs while at the same time moving forward with new technologies. De-Facto CIO for the feds, Karen Evans, was recently interviewed by Network World about what to expect from the capitol pertaining to catching up with the modern, secure world.
During the interview several major changes were mentioned that could impact contractors, federal employees and anyone else who feels the need to tinker with a .gov or .mil network. The largest change is the move into IPv6, which, in my opinion, could finally spur the rest of the stumbling masses into adopting the new addressing scheme and put to rest the worries of limited availability of the old v4 addresses and the costs associated with maintaining them.
The second major change is the mandatory implementation of the Einstein IDS for all fed networks. The Einstein system works just like any other major IDS appliance except for a few tweaks thrown in to better manage how traffic functions on a fed system. One major difference is that emergency response teams have the ability to effectively DDoS their own networks by re-routing traffic through a different available gateway if they find something wrong, more than likely onto a trapping system allowing one to self incriminate by being provided with ample rope to hang themselves.
Which is where the final major change comes into play. Ms. Evans touched briefly and cryptically on a new expanded role of the National Security Agency in working directly with sysadmins in an effort to "streamline" the readiness and reliability of all networks and systems. What this means is if you don't belong there, don't be surprised when the black Caprice Classics and Suburbans show up in your driveway.

Original interview can be found Here.

--February 28, 2008--
Google Getting Easier to Manipulate

The well known, yet rarely heard of, hacker group Cult of the Dead Cow has recently released a new program that makes manipulating the popular search engine Google just that much easier. Known as Goolag, the app will automate the processes that have been in use by "security minded" individuals for years, allowing even the newest of newcomers to perform search string manipulation like a long term professional. While the art of Google-Fu is nothing new and is used daily by persons familiar with Google's code base and APIs, it has been a mystery to many who just want the end results without any of the hard work or knowledge to get there.
However, finding those little tidbits of sensitive or destructive information in masterfully crafted search strings might now become commonplace as script kiddies stumble over themselves to put grubby paws on this fresh release. While many of the White Hat security guys are crying foul over Goolag, their fears might be a little overblown since CoDC, though known for reveling in mischief, does not just throw its information around to anyone and everyone.
So for those of you who feel like your artistic talents have just been replaced by a robotic etch-a-sketch, take a deep breath and don't lose too much sleep over this news. By the time Goolag makes mainstream it will more than likely have been either broken by Google itself or overshadowed by something new and shiny for the kids to chase after.

Yahoo's article about this can be found here.

--2008, Another Year Down!--

Well, as 2007 passes I find myself unable to update this page with any actual industry news! This is due pretty much completely to the fact that I am lacking an available and unfiltered internet connection. Information about this can be found in the forum. However, this should be changing shortly and regular updates will start rolling in, you can count on that!
In the meantime, I can give you some news pertaining to this site and my affiliates etc...
I am making some sweeping changes to the site, most of which are all backend code stuff, but there should be some visible alterations to many differing areas. These changes will include major content changes and updates, as mentioned on the main page. I will be working very closely with STG, my partners and affiliates to make sure that the new year provides not only excellent tools, tips and tricks pertaining to the industry but also expanded information on business trends and best practices. Let's keep these nets laughing their asses off with new releases and techniques!


--NodeCinja

lolPrograms.org is a subsidiary of the Schlzm Technologies Group.