Random bits

4 March 2010

Narus develops a scary sleuth for social media

An invisible quantum tripwire

Aspects of CNCI declassified

IPv6 thoughts from Arbor

“Hackers who breached Google and other companies in January targeted source-code management systems”

Leave a Comment » | Communications security, Networks, Random bits, Science, Security | Permalink
Posted by eqnets

Random bits

2 March 2010

Ryan Singel’s cri de coeur about cyberwar hype is too juicy to merely provide a link. A few choice excerpts:

The Washington Post gave [former DIRNSA and DNI] McConnell free space to declare that we are losing some sort of cyberwar…But that’s not warfare. That’s espionage…Those enamored with the idea of “cyberwar” aren’t dissuaded by fact-checking…[if the DoS attack on Estonia] was cyberwar, it’s pretty clear the net will be just fine. In fact, none of [the commonly cited examples] demonstrate the existence of a cyberwar, let alone that we are losing it. But this battle isn’t about truth. It’s about power…

the problem with developing cyberweapons…is that you need to know where to point them…The military needs targets…Never shy of extending its power, the military industrial complex wants to turn the internet into yet another venue for an arms race. And it’s waging a psychological warfare campaign on the American people to make that so. The military industrial complex is backed by sensationalism, and a gullible and pageview-hungry media…

There is no cyberwar and we are not losing it. The only war going on is one for the soul of the internet. But if…self-interested exaggerators dominate our nation’s discourse about online security, we will lose that war — and the open internet will be its biggest casualty.

On the opposite end of the nuance spectrum: more than 41% of the zeros of the zeta function are on the critical line.

4 Comments | Communications security, Mathematics, Random bits | Permalink
Posted by eqnets

Random bits

1 March 2010

“We must break one fundamental assumption that [the malware creator] relies on: Malware uses replay attacks. In cryptography a replay attack is the re-use of a message to fool an encryption system. No one, today, would forget to add time stamps to their messages; otherwise, an attacker could simpler resend a message and defeat their security…[the malware creator] relies on this very type of attack everyday. If [he or she] has malware code capable of getting control of one machine, then it will also be able to get control of millions of other machines. This is a replay attack on a grand scale. …In order to stop replay attacks, I propose that we change the hardware so they are impossible.”

“Instead of running your websites through the gauntlet, risking downtime from intrusive scans, only to discover you have vulnerabilities just like everyone else — how about making the vendor eat their own dog food. Ask the sales rep for a trial license and permission to scan THEIR production commerce website(s).”

Leave a Comment » | Communications security, Random bits | Permalink
Posted by eqnets

Random bits

23 February 2010

“Understanding what normalcy looks like on your network so you can pinpoint abnormality is what is really important in the current threat environment,” he says. “Don’t trust only your existing security controls, and get eyes on your network.”

“IT security has evolved into a classic broken windows business. It exists to repair things that shouldn’t break in the first place. Furthermore, every dollar that a business spends on Security subtracts a dollar from expenditure on more worthwhile alternatives—product innovation, improved public services, higher salaries, dividends to investors, etc.”

“US analysts believe they have identified the Chinese author of the critical programming code used in the alleged state-sponsored hacking attacks on Google and other western companies, making it far harder for the Chinese government to deny involvement.”

“[Researchers have designed] a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a “metastable state” where its behaviour cannot be predicted. At the end of the metastable state, the contents of the memory are purely random.”

“Cyber ShockWave…featured a number of former US government officials who played the part of senior members of the NSC. The exercise sought to examine how the NSC would react to a major cyber attack in real time…the source of the attack remained unclear during the event…The mock NSC even discussed potentially nationalizing power companies and service providers if they failed to act in the national interest. Ultimately, in the several hours that the war game lasted, the US was increasingly beset by attack with little knowledge of who perpetrated it.” More reaction from Richard Bejtlich.

1 Comment | Communications security, Networks, Random bits, Science | Permalink
Posted by eqnets

Random bits

12 February 2010

Einstein 2: The Revenge of the Signature

Network attack game

“Most U.S. federal government agencies are expected to meet cybersecurity defense requirements by buying managed security services from carriers”

Leave a Comment » | Communications security, Networks, Random bits | Permalink
Posted by eqnets

Random bits

10 February 2010

Snowstorm round-up edition…

PRC busts a hacker ring…convenient timing for a PR-friendly move. But don’t look too soon…

Verizon blocks 4chan

Phishing .gov and .mil

Mobile phone communication patterns

Graphene superconducting at 90 K

Apparently some people think steganography is nontrivial

Hackers steal $4M in carbon credits

Botnet vs. botnet

Iran’s big day: Thursday

Leave a Comment » | Communications security, Networks, Random bits, Science, Security | Permalink
Posted by eqnets

Random bits

4 February 2010

Hacking for Fun and Profit in China’s Underworld

Google + NSA Information Assurance Directorate

“Every user in the world is convinced they need security features, not security procedures.”

Advanced Persistent Threat highlighted by DNI; Mandiant report gives details. Mandiant have coined the APT term, and it’s probably because they deal with that sort of thing constantly: they’re very good at what they do. We hired them for internal test and eval work as well as usability input as our software began taking shape, and I came away impressed. It’s not surprising to see them tackling high-profile events.

Quantum energy teleportation

Leave a Comment » | Communications security, Equilibrium Networks, Random bits, Science | Permalink
Posted by eqnets

Random bits

2 February 2010

“The Internet is a Hobbesian ’state of nature’ where anything goes, where even government attacks maintain ‘plausible deniability,’ and where 80 percent of industrial control software is hooked into an IP network.”

Congressional Research Service overview of cybersecurity legislation, executive initiatives, and options (PDF)

Leave a Comment » | Communications security, Random bits | Permalink
Posted by eqnets

Random bits

29 January 2010

RFID data illuminates London commute pattern

National Ignition Facility success

1 Comment | Networks, Random bits, Science, Security | Permalink
Posted by eqnets

Random bits

26 January 2010

“At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that…were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide”

The fallacy of secure software

More on China v. Google at Information Dissemenation

Reverse templating for spam detection

Picking padlocks

Leave a Comment » | Communications security, Random bits, Security | Permalink
Posted by eqnets

« Previous Entries