Random bit

17 January 2011

“’To check out the worm, you have to know the machines,’ said an American expert on nuclear intelligence. ‘The reason the worm has been effective is that the Israelis tried it out.’”

Random bits

19 November 2010

“Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

Making progress towards finding “a set of floating point calculations [that] can uniquely identify any processor…They can’t yet spot specific processors but they can use this technique to identify families of them…this kind of approach would allow much more specific cyberattacks than are possible today.”

MIRCON and network counteroffensives

13 October 2010

I popped in for a couple of stretches at Mandiant’s MIRcon incident response conference today and yesterday and was struck by a panel discussion on Tuesday about defenders going on offense. The gist was half a) it’s of dubious legality and wisdom and half b) you’ve got be an expert to do it properly. Now politics and economics being what they are, a) will ultimately be irrelevant without a prohibition and b) will govern the dynamics.

I recalled Mandiant’s model: they have a bunch of people constantly working on highly technical stuff in a field that changes rapidly—this level of expertise requires economies of scale. The same is true for black hat hackers: economy of scale drives the less skilled to leverage off-the-shelf capabilities, and it drives the more highly skilled to collaborate on the most demanding projects.

Because defense costs more than offense, “offensors” could benefit from the same economies of scale. I can imagine a future in which people not only pay for but subscribe to offense as a service, where a group of (nominally) white hatters have their own organizations that do nothing but attack designated black hatters, thereby raising the costs of doing malicious business. The economics might work for the white hatters in much the same way it does for insurance companies, and the product would not be entirely dissimilar. If this sort of activity were tolerated by authorities it might often be preferred by many hackers over black hatting, even if the latter gave bigger paychecks. This could further affect the economics in a good way.

If it will make sense for corporations to go on network counteroffensives themselves, it will make more sense for them to outsource that role if they possibly can. And they might end up being able to.

Random bit

30 September 2010

Galrahn has an interesting take on Stuxnet: “Welcome to the future of warfare, where simply planting doubt in the reliability of a system due to a cyberwarfare based malware payload infection is enough to achieve a mission kill against an enemy system.”

Initial software release

24 August 2010

Our free/open-source visual network traffic monitoring software is now available for download at www.eqnets.com. A video of our enterprise system in action and technical documents detailing our approaches to traffic analysis, real-time interactive visualization and alerting are also available there.

Besides a zero-cost download option, we are also offering Linux-oriented installation media for under $100 and an enterprise version of our system with premium features such as configurable automatic alerting, nonlinear replay, and a 3D traffic display.

Discounts—including installation media for a nominal shipping and handling fee—are available to institutional researchers or in exchange for extensions to our platform.

The software can run in its entirely on a dedicated x86 workstation with four or more cores and a network tap, though our system supports distributed hardware configurations. An average graphics card is sufficient to operate the visualization engine.

Thanks and enjoy!

Random bits

1 June 2010

There’s been some buzz (see here and here) over the deputy SECDEF’s comments last week:

“Individual users who do not want to enroll could stay in the ‘wild, wild west’ of the unprotected internet…I think it’s gonna have to be voluntary…People could opt into protection – or choose to stay out. Individual users may well choose to stay out…But it’s the vulnerability of certain critical infrastructure – power, transportation, finance. This starts to give you an angle at doing that.”

The idea that deploying Einstein more widely is anything more than a step towards a government-sponsored security monoculture escapes me. There is no way that this will get any real traction because it’s not like the USG can credibly claim that its own networks are secure. If Einstein is free, then companies might use it. But that’s about as far as that goes.

Other stuff:

“the vast majority of vulnerabilities, both client-side and server-side, are being sold for less than $5,000″

Point: “some of the most alluring approaches to assuring information security [and] why they fail to make a difference to regular users and businesses alike”

Counterpoint: “blaming security engineering for the impact of targeted attacks is a herring as red as they come”

Random bits

19 May 2010

“like-sign dimuon charge asymmetry…in disagreement with the prediction of the standard model by 3.2 standard deviations”

OK, now VMs are totally safe! No need to worry about escape attacks or rootkits…but seriously, it’s good that not everyone takes hypervisor security for granted.

“there is now a significant body of work showing how to break conventional quantum cryptography systems based on various practical weaknesses in the way they are set up…while the known loopholes can be papered over, it’s the unknown ones that represent threats in the future…[researchers have shown that it's easy] with a little malicious intent to bend the assumptions behind perfect quantum cryptography.”

Random bits

7 May 2010

Principles of Robust Timing Over the Internet

“[An IPv4 address space] black market already exists, albeit on a small scale…[currently] IPv4 addresses are still relatively easy to get…[some believe] that regional registries such as ARIN should head off a potentially deleterious black market by creating a “white market” with established rules for trading IPv4 addresses at market-established costs…But the opportunity to cleanly switch from IPv4 to IPv6 passed many years ago. The current transition strategy, called “dual stack,” requires businesses to remain connected to both IPv4 and IPv6 networks until most of the Internet gets to “the other side” — a process expected to take at least five years.”

“Frosted windows may never be private again”

“a fundamental limit to the level of privacy that is possible when social networks are mined for recommendations”

“The 605-page [NSA IAD] PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks…[one] section delves into the challenges of attributing the true origin(s) of a computer network attack”

Random bits

30 April 2010

“Who can do a better job of protecting us from cyberthreats: private companies like Google, or Uncle Sam?”

Cyberwings. That’ll raise morale. Or not.

Computer security on the Death Star was a joke

Random bits

23 April 2010

“in [Richard Clarke's] Cyberwar, like in real war, truth is the first casualty”

Cyberdeterrence through tattlling? This is ridiculous. Not bloody likely that will work against serious hackers. And not bloody likely that it would be done in cases where potentially state-sponsored hackers were caught.

Cybersecurity and National Policy


Get every new post delivered to your Inbox.